Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Viruses and PUPs [Closed]


  • This topic is locked This topic is locked

#1
mewsick75

mewsick75

    Member

  • Member
  • PipPipPip
  • 292 posts

Hello,

 

Okay, I tried to scan the computer with Malwarebytes and it found some 2,500 unwanted items.  I then cleared them out and restarted the machine.  Scanned it again and it found some 600 more.

I tried to go online but every time I tried to go to certain websites, a ton of popups or redirects would take over.  So I hope you can help me find out whats going on and remove the issues.

 

Windows 7 64bit

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by punjab (administrator) on PUNJAB-PC on 02-05-2015 21:40:52
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-02] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-02] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-10-15]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_18\bin\jp2ssv.dll No File
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll [2011-10-14] (Symantec Corporation)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll [2011-10-14] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default
FF DefaultSearchEngine.US: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2015-01-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\user.js [2015-04-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2011-08-15]
FF Extension: azhangcloudaclcom - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2015-04-15]
FF Extension: Roaming Rate - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\{4084a2c4-f836-4884-9f5d-b4e31cc13dda}.xpi [2015-04-16]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2015-04-26]
FF HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-22] <==== ATTENTION
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=",
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (YouTube) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Google Search) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (epindigjbiphgfhnmlpcocaiafjgbabe) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Skype Click to Call) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Gmail) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR HKLM-x32\...\Chrome\Extension: [keaillmajpeodnbelalgeffidfcdgiem] - C:\Program Files (x86)\LyricsContainer\125.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a9c2ee8a; c:\Program Files (x86)\TerminusBoost\TerminusBoost.dll [2329600 2015-05-02] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U0 rqjy; C:\Windows\System32\drivers\wsyjfbb.sys [79064 2015-04-27] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 21:40 - 2015-05-02 21:41 - 00022620 _____ () C:\Users\punjab\Desktop\FRST.txt
2015-05-02 21:40 - 2015-05-02 21:40 - 00000000 ____D () C:\FRST
2015-05-02 21:40 - 2015-05-02 21:34 - 02101248 _____ (Farbar) C:\Users\punjab\Desktop\FRST64.exe
2015-05-02 07:18 - 2015-05-02 07:18 - 00000000 ____D () C:\ProgramData\CheapCoupon
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Windows\system32\SPReview
2015-05-02 03:01 - 2015-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\TerminusBoost
2015-04-27 17:54 - 2015-04-27 17:54 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wsyjfbb.sys
2015-04-26 16:23 - 2015-04-27 15:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 16:23 - 2015-04-26 16:23 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-26 16:22 - 2015-04-26 16:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\punjab\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-26 15:52 - 2015-04-26 16:03 - 00000000 ____D () C:\Users\punjab\Desktop\Slim In 6
2015-04-22 21:21 - 2015-04-22 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-19 08:25 - 2015-04-19 08:25 - 00669904 _____ () C:\Users\punjab\Downloads\Setup(10).exe
2015-04-19 08:24 - 2015-04-19 08:24 - 00669904 _____ () C:\Users\punjab\Downloads\Setup(9).exe
2015-04-19 07:22 - 2015-04-19 07:22 - 00000000 ____D () C:\Users\punjab\AppData\Roaming\MyTurboPC.com
2015-04-19 07:21 - 2015-04-24 10:40 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-04-19 07:19 - 2015-04-19 07:20 - 06431232 _____ (MyTurboPC.com) C:\Users\punjab\Downloads\Myturbopc.exe
2015-04-17 23:03 - 2015-04-17 23:03 - 00000000 ____D () C:\Users\punjab\AppData\Local\AdBlaster
2015-04-17 23:02 - 2015-04-17 23:02 - 01614456 _____ () C:\Users\punjab\Downloads\Setup(8).exe
2015-04-17 22:56 - 2015-04-17 22:57 - 00768512 _____ (Reimage®) C:\Users\punjab\Downloads\ReimageRepair.exe
2015-04-17 06:02 - 2015-04-17 06:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6EFB.tmp
2015-04-16 09:51 - 2015-04-16 09:51 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-16 09:44 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-04-16 09:44 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-04-16 09:41 - 2015-04-16 09:41 - 01101552 _____ (Installer Setup) C:\Users\punjab\Downloads\Setup(7).exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00000000 ____D () C:\Windows\pss
2015-04-11 20:17 - 2015-04-15 09:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-11 20:07 - 2015-05-02 03:01 - 00000000 ____D () C:\ProgramData\1e8b82f200000dfa
2015-04-11 19:55 - 2015-04-11 19:55 - 00000000 ____D () C:\Users\punjab\Documents\Optimizer Pro
2015-04-11 19:49 - 2015-04-27 17:54 - 00000000 ____D () C:\ProgramData\{65a8fd47-49b8-5906-65a8-8fd4749bf51d}
2015-04-11 19:49 - 2015-04-26 22:57 - 00000000 ____D () C:\Program Files (x86)\a69c3765-d22e-49c2-bc72-b4dc474f4798
2015-04-11 19:49 - 2015-04-11 19:49 - 00000000 ____D () C:\Users\punjab\AppData\Local\globalUpdate
2015-04-11 19:48 - 2015-04-11 19:48 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-04-11 19:47 - 2015-04-11 20:15 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-04-11 19:47 - 2015-04-11 20:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashRpt
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\ProgramData\DVD Shrink
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 21:39 - 2014-02-09 17:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-05-02 21:39 - 2012-05-21 15:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 21:39 - 2011-03-17 18:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 20:00 - 2010-09-25 03:50 - 01090939 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 19:49 - 2012-06-02 10:44 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashDumps
2015-05-02 03:07 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 03:07 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 17:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-27 15:35 - 2014-07-27 10:29 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-04-27 15:30 - 2012-05-21 15:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-27 15:30 - 2012-05-21 15:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-27 15:30 - 2011-12-04 08:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-27 03:02 - 2009-07-14 01:13 - 00779788 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 23:05 - 2012-11-04 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 23:05 - 2010-10-17 03:22 - 01109010 _____ () C:\Windows\PFRO.log
2015-04-26 23:05 - 2010-09-25 06:42 - 00000000 ____D () C:\Windows\ShellNew
2015-04-26 23:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 23:05 - 2009-07-14 00:51 - 00100968 _____ () C:\Windows\setupact.log
2015-04-26 22:57 - 2013-08-06 18:02 - 00000000 ____D () C:\Program Files (x86)\FLVPlayer
2015-04-21 17:11 - 2011-01-19 15:07 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-04-21 17:11 - 2010-09-25 04:13 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-17 23:10 - 2010-10-15 16:56 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 23:10 - 2010-10-15 16:55 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 09:17 - 2012-12-16 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:16 - 2013-08-13 06:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 09:08 - 2010-10-22 11:59 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 20:44 - 2010-09-25 04:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-11 20:44 - 2010-09-25 04:49 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 20:37 - 2011-01-19 19:13 - 00000000 ____D () C:\Program Files (x86)\The Learning Company
2015-04-11 20:09 - 2012-05-05 14:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-11 20:03 - 2011-03-17 18:23 - 00000000 ____D () C:\Users\punjab\AppData\Local\Google
2015-04-11 19:59 - 2010-09-25 04:33 - 00000000 ____D () C:\ProgramData\Cozi
2015-04-11 19:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-11 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-10 20:50 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\punjab\Documents\Recipes
2015-04-03 09:30 - 2010-10-15 16:52 - 00000000 ____D () C:\Users\punjab
2015-04-03 09:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2015-04-19 07:22 - 2015-04-23 22:23 - 0000115 _____ () C:\Users\punjab\AppData\Roaming\LogFile.txt
2014-12-06 18:49 - 2014-12-06 18:49 - 0000047 _____ () C:\Users\punjab\AppData\Roaming\WB.CFG
2015-02-07 19:03 - 2015-02-07 19:03 - 0000088 _____ () C:\Users\punjab\AppData\Local\46771c555068ec9634c2e77ff09000ce
2015-02-07 23:17 - 2015-02-07 23:17 - 0000001 _____ () C:\Users\punjab\AppData\Local\DSI.DAT
2011-11-10 14:09 - 2011-11-10 14:09 - 0000000 _____ () C:\Users\punjab\AppData\Local\{0DBE7D26-A085-4542-B048-02DE7A2F970B}
2011-12-03 18:50 - 2011-12-03 18:50 - 0000000 _____ () C:\Users\punjab\AppData\Local\{1C1E1EF6-8B4F-4A82-9334-07E7764F6FA4}
2011-11-10 14:11 - 2011-11-10 14:11 - 0000000 _____ () C:\Users\punjab\AppData\Local\{2E750281-8A02-46E6-9163-F2C4CB50EE92}
2011-11-04 17:40 - 2011-11-04 17:40 - 0000000 _____ () C:\Users\punjab\AppData\Local\{765B080F-BED4-4E8E-8641-F4971040A371}
2012-03-08 23:16 - 2012-03-09 10:23 - 0000432 _____ () C:\ProgramData\3z4TWdYrN4O8pS
2010-11-06 14:23 - 2010-11-06 14:23 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2013-03-24 17:55 - 2013-03-24 18:35 - 0004715 _____ () C:\ProgramData\hpzinstall.log
2012-03-08 23:16 - 2012-03-09 10:20 - 0000288 _____ () C:\ProgramData\~3z4TWdYrN4O8pS
2012-03-08 23:16 - 2012-03-09 10:20 - 0000200 _____ () C:\ProgramData\~3z4TWdYrN4O8pSr
 
Some content of TEMP:
====================
C:\Users\punjab\AppData\Local\Temp\cabex.dll
C:\Users\punjab\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\punjab\AppData\Local\Temp\dvdshrink32setup.exe
C:\Users\punjab\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\punjab\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\punjab\AppData\Local\Temp\optprosetup.exe
C:\Users\punjab\AppData\Local\Temp\SpOrder.dll
C:\Users\punjab\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
C:\Users\punjab\AppData\Local\Temp\_t5zjh8o.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-27 18:31
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by punjab at 2015-05-02 21:42:33
Running from C:\Users\punjab\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2405105115-4192906405-531811981-500 - Administrator - Disabled)
Guest (S-1-5-21-2405105115-4192906405-531811981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405105115-4192906405-531811981-1002 - Limited - Enabled)
punjab (S-1-5-21-2405105115-4192906405-531811981-1000 - Administrator - Enabled) => C:\Users\punjab
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510nz_Help_Web (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz_web (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures Deluxe (HKLM-x32\...\Bookworm Adventures Deluxe) (Version:  - PopCap Games)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon iP100 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CheapCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - CheapCoupon) <==== ATTENTION
Chuzzle Deluxe (HKLM-x32\...\am-chuzzledeluxe) (Version:  - gamehouse)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.40 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 4500 G510n-z (HKLM\...\{F27CFD16-939A-4232-98CD-180898D14713}) (Version: 13.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft Packages (HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Minecraft Packages) (Version:  - ) <==== ATTENTION
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 2.0.0.16 - Symantec Corporation)
Plants vs. Zombies™ (HKLM-x32\...\am-plantsvszombiestm) (Version:  - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TerminusBoost (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9c2ee8a}) (Version:  - Software Publisher) <==== ATTENTION
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}) (Version: 1.0.3 - Smith Micro Software, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.67.0 - Verizon)
VZAccess Manager (HKLM-x32\...\{4F6471D6-9D91-4699-BA1A-B7AD33E46546}) (Version: 7.3.11.1 - Smith Micro Software Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.11.2 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - PopCap Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
29-04-2015 03:25:38 Scheduled Checkpoint
30-04-2015 06:57:49 Windows Update
30-04-2015 07:17:53 Windows Update
01-05-2015 03:00:37 Windows Update
02-05-2015 03:00:39 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-08-13 06:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {33F08EFF-1CDC-4874-8BAB-099738B985AD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A890F8F-9103-45BC-8816-B0F796359CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3E92858E-7BF8-40E0-9FCE-6871C65D94D3} - \Inst_Rep No Task File <==== ATTENTION
Task: {521C9137-7AFD-4884-A888-3D1B786C8B17} - System32\Tasks\{B41442BC-4BC7-43A5-BE64-A0E6D816CDB5} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM0H498G\BWASetup[1].exe" -d C:\Users\punjab\Desktop
Task: {549C35A4-01F8-4EC3-95C7-C6BCC576A7AA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {7E1E0C3A-5819-4973-8F37-491DEDB88693} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9685888C-081B-42BD-8235-3B29E171EBBF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2405105115-4192906405-531811981-1000
Task: {9A1E1279-367A-44A3-B917-C43AD4BBDA6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9E5C990-D962-4015-A273-343C06D7204D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {ABF1F0AF-4E76-4783-A042-4BD14E7A83D5} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {AF3F8A19-5758-4739-8A5D-783B3D387A19} - System32\Tasks\{F2BCF66D-6CD5-426F-80DE-7DE3BAACCA4E} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7XUDWO2\download[1].exe" -d C:\Users\punjab\Desktop
Task: {B422DBB2-CF3A-4D6C-A353-B8196214A008} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C398F948-4D5F-47DF-9A43-AC34072707DC} - System32\Tasks\4821 => Wscript.exe C:\Users\punjab\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CF11E501-3AF3-4D05-A484-F6EFA487F1D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: {E8921860-17ED-4071-81BD-B3BE08308514} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-09-25 04:58 - 2010-05-21 13:00 - 00783680 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-12-04 05:36 - 2012-12-04 05:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\3d8291e96c1f38d0ef71531fc871d956\VistaBridgeLibrary.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-09-25 04:57 - 2010-05-21 12:58 - 00116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 01123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-09-25 04:57 - 2010-05-21 12:59 - 00079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-12-04 05:16 - 2012-12-04 05:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f08caa57275e16ad5cfaf4483f93b658\IsdiInterop.ni.dll
2010-09-25 04:24 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-05-02 03:01 - 2015-05-02 03:01 - 02329600 _____ () c:\Program Files (x86)\TerminusBoost\TerminusBoost.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^Users^punjab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{91866116-323E-4EF8-B643-264F1A26ACE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F8A71591-2002-4C27-883A-BED4AD3D3B73}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7E88D1E6-7048-4652-8859-B6A812A9C94D}] => (Allow) svchost.exe
FirewallRules: [{FBC957E6-AEA8-4AB1-B018-DD8C4DD40EE5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF382154-C18B-4EE3-84BB-3912A7FB0547}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{043D53BF-A604-42D8-95DD-B7EF7E9D1D2F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CD55F3B1-AEAD-4689-A3FF-A4C462D35B11}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2B000A0F-B612-44DC-A061-7E3118A4D0CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D1890E30-DBF0-4D44-B2AD-1B8C54DEEC68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B106997-A1EE-44A6-ADDA-5D47D220F896}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8992EAF-AE3C-4381-964B-9E6145A4593B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D49AF95-A0A1-4CED-BFAC-ECC793CB61F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22571417-722B-4D52-8A9E-0890B2AFE0A2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BB810BD3-CBAE-4D8F-B5D2-3A2AD88DE0D3}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{BCF03F22-A20F-4554-BEE1-5AEAE4E07F56}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{07C95A63-739F-498B-9325-A58D0E98A609}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C152E402-5859-4C5D-ABE1-4DDB8F971419}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{5DC28558-4FAC-4747-9183-C5AD2157D4BC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1BB3BC9D-C472-4C2E-9485-FE430F024B97}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D54144EE-C11D-4B69-95F4-6D381207D1F0}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{381186E3-7418-4A9A-9804-6550D7841A11}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{1F82158C-58EE-43BE-ABA8-9209B8BC2D2E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{03825541-A0CC-43B2-94D7-59E77C162A77}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8E591CA5-1865-43F9-8534-D380DBAAC353}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6225CC01-E2A0-4D6F-BD70-9E4E988D32CA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{85B83C72-80E5-419C-8AAA-6FECA696E774}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A606E1DF-B246-4862-9966-1443C24018DD}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8979AF37-9B2B-46E0-9F74-3E26D5630D8A}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{4CE02929-4611-492F-85CF-0BB3CDB08062}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6574F663-419D-481F-A6E1-2643087024F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{C2E53016-3EB4-4EF4-8038-E17B01673DD9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{6475E007-DEB1-4EE8-99D7-0C2F40B52186}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{DCB93EDE-E197-405D-8CED-8DA34ACC5040}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{36737D09-2E1E-42E6-89E3-AA32D3CA011E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{30CED065-968D-4175-B62F-235A7A6FEED5}] => (Allow) C:\Users\punjab\AppData\Local\Temp\HP\OJ4500vG510n-z_Basic_13_en\setup\hpznui40.exe
FirewallRules: [{D47ECA4D-2334-402B-8058-C01BF6FE70DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C961D5C4-953A-45F2-AFA8-5B441B04BDBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{919F25F8-4992-4AF2-976B-7106A76E68A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9CFC3D98-E170-460A-B1D0-DA0A3E66265E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{531DEB25-B2D7-4699-8E2E-CB7D215C9389}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B517595C-7012-48A6-A407-4ED0F4494585}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{217FCE57-518E-45B8-B5EB-1C8507D0A18D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9FB44038-C94E-4D65-B57F-6BF3CAAD9093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34AED249-38DB-4544-B71D-9619BEE1DB0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7AA0AFE-13F8-43D9-AD69-FCAD8418E167}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
FirewallRules: [{D53661C6-93DC-42FB-B4A1-74CC365F38FD}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 07:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1270
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (05/02/2015 07:49:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b8
 
Start Time: 01d08531b887f106
 
Termination Time: 126
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: cf9d6f05-f125-11e4-ab44-061bb145308c
 
Error: (05/02/2015 03:00:33 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a2e36b31-c878-11df-8b58-806e6f6e6963} - 000000000000011C,0x0053c008,000000000041FFD0,0,0000000000420FE0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (05/01/2015 03:20:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/30/2015 07:28:03 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (04/30/2015 07:16:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/29/2015 03:20:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/28/2015 03:19:39 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/27/2015 06:33:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/26/2015 11:03:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service GamesAppIntegrationService since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (05/02/2015 07:53:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.197.1088.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (05/02/2015 03:00:28 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (04/30/2015 07:19:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.1088.0).
 
Error: (04/30/2015 07:19:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.197.1088.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/30/2015 07:19:35 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
 
New Engine Version: 
 
Previous Engine Version: 2.0.8001.0
 
Engine Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Error Code: %NT AUTHORITY601
 
Error description: %NT AUTHORITY602
 
Error: (04/30/2015 07:19:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 11.159.0.0
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/29/2015 03:25:33 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (04/28/2015 03:22:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.813.0).
 
Error: (04/28/2015 03:22:22 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.197.813.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/28/2015 03:22:22 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
 
New Engine Version: 
 
Previous Engine Version: 2.0.8001.0
 
Engine Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Error Code: %NT AUTHORITY601
 
Error description: %NT AUTHORITY602
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-13 06:32:53.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-30 10:05:34.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-30 10:05:34.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 31%
Total physical RAM: 4058.36 MB
Available physical RAM: 2796.46 MB
Total Pagefile: 8114.84 MB
Available Pagefile: 6474.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:212.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (NEW VOLUME) (Removable) (Total:29.81 GB) (Free:16.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51ED4EC9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First
Please remove this program from your programs an features list, Start > Control panel > Programs an features. In the list find the program listed below and uninstall it.
  • CheapCoupon
If a program will not remove skip it and keep following instructions please.


Next


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_18\bin\jp2ssv.dll No File
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
FF user.js: detected! => C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\user.js [2015-04-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-22] <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=","https://us.search.ya...F86BCF_s55_g_e"
CHR DefaultSearchKeyword: Default -> taplika.com 
CHR Plugin: (Shockwave Flash) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [keaillmajpeodnbelalgeffidfcdgiem] - C:\Program Files (x86)\LyricsContainer\125.crx [Not Found]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
C:\Program Files (x86)\globalUpdate
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-05-02 07:18 - 2015-05-02 07:18 - 00000000 ____D () C:\ProgramData\CheapCoupon
2015-05-02 03:01 - 2015-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\TerminusBoost
2015-04-19 07:22 - 2015-04-19 07:22 - 00000000 ____D () C:\Users\punjab\AppData\Roaming\MyTurboPC.com
2015-04-19 07:21 - 2015-04-24 10:40 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-04-19 07:19 - 2015-04-19 07:20 - 06431232 _____ (MyTurboPC.com) C:\Users\punjab\Downloads\Myturbopc.exe
2015-04-17 23:03 - 2015-04-17 23:03 - 00000000 ____D () C:\Users\punjab\AppData\Local\AdBlaster
2015-04-17 23:02 - 2015-04-17 23:02 - 01614456 _____ () C:\Users\punjab\Downloads\Setup(8).exe
2015-04-17 22:56 - 2015-04-17 22:57 - 00768512 _____ (Reimage®) C:\Users\punjab\Downloads\ReimageRepair.exe
2015-04-17 06:02 - 2015-04-17 06:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6EFB.tmp
2015-04-16 09:51 - 2015-04-16 09:51 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-11 19:55 - 2015-04-11 19:55 - 00000000 ____D () C:\Users\punjab\Documents\Optimizer Pro
2015-04-11 19:49 - 2015-04-27 17:54 - 00000000 ____D () C:\ProgramData\{65a8fd47-49b8-5906-65a8-8fd4749bf51d}
2015-04-11 19:49 - 2015-04-26 22:57 - 00000000 ____D () C:\Program Files (x86)\a69c3765-d22e-49c2-bc72-b4dc474f4798
2015-04-11 19:49 - 2015-04-11 19:49 - 00000000 ____D () C:\Users\punjab\AppData\Local\globalUpdate
2015-04-11 19:48 - 2015-04-11 19:48 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-04-11 19:47 - 2015-04-11 20:15 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {3E92858E-7BF8-40E0-9FCE-6871C65D94D3} - \Inst_Rep No Task File <==== ATTENTION 
Task: {ABF1F0AF-4E76-4783-A042-4BD14E7A83D5} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {E8921860-17ED-4071-81BD-B3BE08308514} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C398F948-4D5F-47DF-9A43-AC34072707DC} - System32\Tasks\4821 => Wscript.exe C:\Users\punjab\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#3
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by punjab at 2015-05-02 22:44:24 Run:1
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.6.0_18\bin\jp2ssv.dll No File
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2405105115-4192906405-531811981-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
FF user.js: detected! => C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\user.js [2015-04-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-22] <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=","https://us.search.ya...F86BCF_s55_g_e"
CHR DefaultSearchKeyword: Default -> taplika.com 
CHR Plugin: (Shockwave Flash) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [keaillmajpeodnbelalgeffidfcdgiem] - C:\Program Files (x86)\LyricsContainer\125.crx [Not Found]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
C:\Program Files (x86)\globalUpdate
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-05-02 07:18 - 2015-05-02 07:18 - 00000000 ____D () C:\ProgramData\CheapCoupon
2015-05-02 03:01 - 2015-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\TerminusBoost
2015-04-19 07:22 - 2015-04-19 07:22 - 00000000 ____D () C:\Users\punjab\AppData\Roaming\MyTurboPC.com
2015-04-19 07:21 - 2015-04-24 10:40 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
2015-04-19 07:19 - 2015-04-19 07:20 - 06431232 _____ (MyTurboPC.com) C:\Users\punjab\Downloads\Myturbopc.exe
2015-04-17 23:03 - 2015-04-17 23:03 - 00000000 ____D () C:\Users\punjab\AppData\Local\AdBlaster
2015-04-17 23:02 - 2015-04-17 23:02 - 01614456 _____ () C:\Users\punjab\Downloads\Setup(8).exe
2015-04-17 22:56 - 2015-04-17 22:57 - 00768512 _____ (Reimage®) C:\Users\punjab\Downloads\ReimageRepair.exe
2015-04-17 06:02 - 2015-04-17 06:02 - 00000000 _____ () C:\Windows\SysWOW64\sho6EFB.tmp
2015-04-16 09:51 - 2015-04-16 09:51 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-11 19:55 - 2015-04-11 19:55 - 00000000 ____D () C:\Users\punjab\Documents\Optimizer Pro
2015-04-11 19:49 - 2015-04-27 17:54 - 00000000 ____D () C:\ProgramData\{65a8fd47-49b8-5906-65a8-8fd4749bf51d}
2015-04-11 19:49 - 2015-04-26 22:57 - 00000000 ____D () C:\Program Files (x86)\a69c3765-d22e-49c2-bc72-b4dc474f4798
2015-04-11 19:49 - 2015-04-11 19:49 - 00000000 ____D () C:\Users\punjab\AppData\Local\globalUpdate
2015-04-11 19:48 - 2015-04-11 19:48 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-04-11 19:47 - 2015-04-11 20:15 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\punjab\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {3E92858E-7BF8-40E0-9FCE-6871C65D94D3} - \Inst_Rep No Task File <==== ATTENTION 
Task: {ABF1F0AF-4E76-4783-A042-4BD14E7A83D5} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {E8921860-17ED-4071-81BD-B3BE08308514} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C398F948-4D5F-47DF-9A43-AC34072707DC} - System32\Tasks\4821 => Wscript.exe C:\Users\punjab\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found. 
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} => value deleted successfully.
HKCR\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} => Key not found. 
C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\user.js => Moved successfully.
C:\Program Files (x86)\mozilla firefox\firefox.cfg => Moved successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll not found.
C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll not found.
C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll not found.
C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\keaillmajpeodnbelalgeffidfcdgiem" => Key deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
catchme => Service deleted successfully.
C:\ProgramData\CheapCoupon => Moved successfully.
C:\Program Files (x86)\TerminusBoost => Moved successfully.
C:\Users\punjab\AppData\Roaming\MyTurboPC.com => Moved successfully.
C:\ProgramData\MyTurboPC.com => Moved successfully.
C:\Users\punjab\Downloads\Myturbopc.exe => Moved successfully.
C:\Users\punjab\AppData\Local\AdBlaster => Moved successfully.
C:\Users\punjab\Downloads\Setup(8).exe => Moved successfully.
C:\Users\punjab\Downloads\ReimageRepair.exe => Moved successfully.
C:\Windows\SysWOW64\sho6EFB.tmp => Moved successfully.
C:\ProgramData\T122078ED => Moved successfully.
C:\Users\punjab\Documents\Optimizer Pro => Moved successfully.
C:\ProgramData\{65a8fd47-49b8-5906-65a8-8fd4749bf51d} => Moved successfully.
C:\Program Files (x86)\a69c3765-d22e-49c2-bc72-b4dc474f4798 => Moved successfully.
C:\Users\punjab\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Public\Documents\YTAHelper => Moved successfully.
C:\Users\Public\Documents\GOOBZO => Moved successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-2405105115-4192906405-531811981-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E92858E-7BF8-40E0-9FCE-6871C65D94D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E92858E-7BF8-40E0-9FCE-6871C65D94D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABF1F0AF-4E76-4783-A042-4BD14E7A83D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABF1F0AF-4E76-4783-A042-4BD14E7A83D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8921860-17ED-4071-81BD-B3BE08308514}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8921860-17ED-4071-81BD-B3BE08308514}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C398F948-4D5F-47DF-9A43-AC34072707DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C398F948-4D5F-47DF-9A43-AC34072707DC}" => Key deleted successfully.
C:\Windows\System32\Tasks\4821 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4821" => Key deleted successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {5CB87517-93D0-4E07-986B-A35F716F97AD}.
{1ED356F9-3AB0-4D1E-B09D-385D04BE6345} canceled.
{45416294-7E4A-4578-9FC9-D08259826120} canceled.
2 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:46:25 ====

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :)
  • 0

#5
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts
# AdwCleaner v4.203 - Logfile created 02/05/2015 at 23:54:42
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : punjab - PUNJAB-PC
# Running from : C:\Users\punjab\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\InstallSightSDK
Folder Deleted : C:\ProgramData\1e8b82f200000dfa
Folder Deleted : C:\Program Files (x86)\FlvPlayer
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\Norton Safe Web Lite
Folder Deleted : C:\Users\punjab\AppData\Local\Browser Extensions
Folder Deleted : C:\Users\punjab\AppData\LocalLow\Delta
Folder Deleted : C:\Users\punjab\AppData\Roaming\Babylon
Folder Deleted : C:\Users\punjab\Documents\ProPCCleaner
File Deleted : C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\edaikkjcipbnkplpaecabmeggakeeihg
File Deleted : C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\invalidprefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{ba5b6935-63e1-431c-8fc6-7504512d2b94}]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\27cc68d9-e515-58cb-4be0-946aac808022
Key Deleted : HKLM\SOFTWARE\6618938d-0b13-4433-8535-a7b10269f454
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a9c2ee8a}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\MyTurboPC.com
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\MyTurboPC.com
Key Deleted : HKU\.DEFAULT\Software\Goobzo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NST
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16912
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_captaind_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtDyBtDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAzz0FtByD0D0F0FtGtD0AyCyBtGtCtD0B0EtG0E0FyC0CtGyC0CtDyD0A0AyE0DzyyE0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=622651009&ir=
[C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=
[C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333528&octid=EB_ORIGINAL_CTID&ISID=MF5C7CEFA-3FFB-448F-8965-D6EF5E5F4ACA&SearchSource=58&CUI=&UM=8&UP=SPC867A0BA-827E-4191-9225-12D30DE13C7C&q={searchTerms}&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [10390 bytes] - [02/05/2015 23:49:10]
AdwCleaner[S0].txt - [9978 bytes] - [02/05/2015 23:54:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10037  bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by punjab on Sat 05/02/2015 at 23:59:21.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\pcdr
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\punjab\AppData\Roaming\mozilla\firefox\profiles\n3jc718h.default\minidumps [362 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/03/2015 at  0:03:05.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Can you run a malwarebytes scan and post it even if it's clean. If you already have Malwarebytes you may skip the download part.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

  • 0

#7
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/3/2015
Scan Time: 10:39:04 AM
Logfile: 2015-05-03 mwb.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.03.04
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: punjab
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369359
Time Elapsed: 23 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [f24ecec195f550e60a02ff63ca3be917], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.DownloadAdmin.C, C:\Users\punjab\Downloads\Setup(10).exe, Quarantined, [360a4d428703ba7c9e3268e709f960a0], 
PUP.Optional.DownloadAdmin.C, C:\Users\punjab\Downloads\Setup(9).exe, Quarantined, [4ff10c83f4968caa7a56c68911f1f60a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

What issues remain and in what browser ?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#9
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by punjab (administrator) on PUNJAB-PC on 03-05-2015 19:31:40
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-02] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-10-15]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-27] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-27] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-11-05] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default
FF DefaultSearchEngine.US: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2015-01-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - WEB - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2011-08-15]
FF Extension: azhangcloudaclcom - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\[email protected] [2015-04-15]
FF Extension: Roaming Rate - C:\Users\punjab\AppData\Roaming\Mozilla\Firefox\Profiles\n3jc718h.default\Extensions\{4084a2c4-f836-4884-9f5d-b4e31cc13dda}.xpi [2015-04-16]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST [2015-05-02]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tight2_15_06&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtBzyyC0AyDyEyCzzyC0DyEtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0F0FyBtAzyzyzytG0A0C0A0EtGyE0B0DyDtG0ByDzy0AtGtAtD0Ezz0E0DyEyByBtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0BzzyE0BtByBtGtC0D0A0FtGyEtD0A0FtGzy0B0AtDtG0AtBtCyEtD0B0C0C0BzyyEyE2Q&cr=1354099757&ir=",
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\punjab\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (YouTube) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Google Search) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (epindigjbiphgfhnmlpcocaiafjgbabe) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Skype Click to Call) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-20]
CHR Extension: (Google Wallet) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (Gmail) - C:\Users\punjab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 a9c2ee8a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\TerminusBoost\TerminusBoost.dll",serv
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 19:31 - 2015-05-03 19:32 - 00019675 _____ () C:\Users\punjab\Desktop\FRST.txt
2015-05-02 23:59 - 2015-05-02 23:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PUNJAB-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-02 23:59 - 2015-05-02 23:59 - 00000000 ____D () C:\RegBackup
2015-05-02 23:49 - 2015-05-02 23:54 - 00000000 ____D () C:\AdwCleaner
2015-05-02 23:48 - 2015-05-02 23:44 - 02716306 _____ (Thisisu) C:\Users\punjab\Desktop\JRT.exe
2015-05-02 23:48 - 2015-05-02 23:43 - 02204160 _____ () C:\Users\punjab\Desktop\adwcleaner_4.203.exe
2015-05-02 21:40 - 2015-05-03 19:31 - 00000000 ____D () C:\FRST
2015-05-02 21:40 - 2015-05-02 21:34 - 02101248 _____ (Farbar) C:\Users\punjab\Desktop\FRST64.exe
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Windows\system32\SPReview
2015-04-26 16:23 - 2015-05-03 11:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 16:23 - 2015-04-26 16:23 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-26 16:23 - 2015-04-26 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 16:23 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 16:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-26 16:22 - 2015-04-26 16:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\punjab\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-26 15:52 - 2015-04-26 16:03 - 00000000 ____D () C:\Users\punjab\Desktop\Slim In 6
2015-04-22 21:21 - 2015-05-02 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-16 09:44 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-04-16 09:44 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-04-16 09:41 - 2015-04-16 09:41 - 01101552 _____ (Installer Setup) C:\Users\punjab\Downloads\Setup(7).exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00000000 ____D () C:\Windows\pss
2015-04-11 20:17 - 2015-04-15 09:33 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-11 19:47 - 2015-04-11 20:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashRpt
2015-04-11 19:46 - 2015-04-11 19:46 - 00000000 ____D () C:\ProgramData\DVD Shrink
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 19:30 - 2012-05-21 15:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 19:30 - 2011-03-17 18:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 19:30 - 2010-09-25 03:50 - 01177010 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 16:49 - 2009-07-14 01:13 - 00779788 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 11:12 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-03 11:12 - 2009-07-14 00:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-03 11:04 - 2014-01-12 22:33 - 00000000 ____D () C:\Windows\Minidump
2015-05-03 11:04 - 2010-10-17 03:22 - 01125376 _____ () C:\Windows\PFRO.log
2015-05-03 11:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-03 11:04 - 2009-07-14 00:51 - 00101136 _____ () C:\Windows\setupact.log
2015-05-02 22:54 - 2010-09-25 04:57 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-05-02 22:51 - 2014-12-11 20:43 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-02 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-02 22:44 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-02 22:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-02 21:39 - 2014-02-09 17:27 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-05-02 19:49 - 2012-06-02 10:44 - 00000000 ____D () C:\Users\punjab\AppData\Local\CrashDumps
2015-04-27 15:35 - 2014-07-27 10:29 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-04-27 15:30 - 2012-05-21 15:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-27 15:30 - 2012-05-21 15:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-27 15:30 - 2011-12-04 08:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-26 23:05 - 2012-11-04 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 23:05 - 2010-09-25 06:42 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 17:11 - 2011-01-19 15:07 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-04-21 17:11 - 2010-09-25 04:13 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 23:10 - 2012-11-04 14:30 - 00000927 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-17 23:10 - 2010-10-15 16:56 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 23:10 - 2010-10-15 16:55 - 00001068 _____ () C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-15 09:17 - 2012-12-16 15:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 09:16 - 2013-08-13 06:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 09:08 - 2010-10-22 11:59 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-13 19:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 20:44 - 2010-09-25 04:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-11 20:44 - 2010-09-25 04:49 - 00000000 ____D () C:\ProgramData\Skype
2015-04-11 20:37 - 2011-01-19 19:13 - 00000000 ____D () C:\Program Files (x86)\The Learning Company
2015-04-11 20:09 - 2012-05-05 14:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-11 20:03 - 2011-03-17 18:23 - 00000000 ____D () C:\Users\punjab\AppData\Local\Google
2015-04-11 19:59 - 2010-09-25 04:33 - 00000000 ____D () C:\ProgramData\Cozi
2015-04-10 20:50 - 2014-09-14 09:21 - 00000000 ____D () C:\Users\punjab\Documents\Recipes
2015-04-03 09:30 - 2010-10-15 16:52 - 00000000 ____D () C:\Users\punjab
2015-04-03 09:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2015-04-19 07:22 - 2015-04-23 22:23 - 0000115 _____ () C:\Users\punjab\AppData\Roaming\LogFile.txt
2014-12-06 18:49 - 2014-12-06 18:49 - 0000047 _____ () C:\Users\punjab\AppData\Roaming\WB.CFG
2015-02-07 19:03 - 2015-02-07 19:03 - 0000088 _____ () C:\Users\punjab\AppData\Local\46771c555068ec9634c2e77ff09000ce
2015-02-07 23:17 - 2015-02-07 23:17 - 0000001 _____ () C:\Users\punjab\AppData\Local\DSI.DAT
2011-11-10 14:09 - 2011-11-10 14:09 - 0000000 _____ () C:\Users\punjab\AppData\Local\{0DBE7D26-A085-4542-B048-02DE7A2F970B}
2011-12-03 18:50 - 2011-12-03 18:50 - 0000000 _____ () C:\Users\punjab\AppData\Local\{1C1E1EF6-8B4F-4A82-9334-07E7764F6FA4}
2011-11-10 14:11 - 2011-11-10 14:11 - 0000000 _____ () C:\Users\punjab\AppData\Local\{2E750281-8A02-46E6-9163-F2C4CB50EE92}
2011-11-04 17:40 - 2011-11-04 17:40 - 0000000 _____ () C:\Users\punjab\AppData\Local\{765B080F-BED4-4E8E-8641-F4971040A371}
2012-03-08 23:16 - 2012-03-09 10:23 - 0000432 _____ () C:\ProgramData\3z4TWdYrN4O8pS
2010-11-06 14:23 - 2010-11-06 14:23 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2013-03-24 17:55 - 2013-03-24 18:35 - 0004715 _____ () C:\ProgramData\hpzinstall.log
2012-03-08 23:16 - 2012-03-09 10:20 - 0000288 _____ () C:\ProgramData\~3z4TWdYrN4O8pS
2012-03-08 23:16 - 2012-03-09 10:20 - 0000200 _____ () C:\ProgramData\~3z4TWdYrN4O8pSr
 
Some content of TEMP:
====================
C:\Users\punjab\AppData\Local\Temp\Quarantine.exe
C:\Users\punjab\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-27 18:31
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by punjab at 2015-05-03 19:33:24
Running from C:\Users\punjab\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2405105115-4192906405-531811981-500 - Administrator - Disabled)
Guest (S-1-5-21-2405105115-4192906405-531811981-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405105115-4192906405-531811981-1002 - Limited - Enabled)
punjab (S-1-5-21-2405105115-4192906405-531811981-1000 - Administrator - Enabled) => C:\Users\punjab
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510nz_Help_Web (x32 Version: 000.0.440.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz_web (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Adventures Deluxe (HKLM-x32\...\Bookworm Adventures Deluxe) (Version:  - PopCap Games)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon iP100 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series) (Version:  - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Chuzzle Deluxe (HKLM-x32\...\am-chuzzledeluxe) (Version:  - gamehouse)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.40 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 4500 G510n-z (HKLM\...\{F27CFD16-939A-4232-98CD-180898D14713}) (Version: 13.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft Packages (HKU\S-1-5-21-2405105115-4192906405-531811981-1000\...\Minecraft Packages) (Version:  - ) <==== ATTENTION
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Plants vs. Zombies™ (HKLM-x32\...\am-plantsvszombiestm) (Version:  - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM-x32\...\{0E433CFD-B6FF-4D4E-A081-BB1A680D19A1}) (Version: 1.0.3 - Smith Micro Software, Inc.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.67.0 - Verizon)
VZAccess Manager (HKLM-x32\...\{4F6471D6-9D91-4699-BA1A-B7AD33E46546}) (Version: 7.3.11.1 - Smith Micro Software Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.11.2 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\Zuma Deluxe) (Version:  - PopCap Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-04-2015 03:25:38 Scheduled Checkpoint
30-04-2015 06:57:49 Windows Update
30-04-2015 07:17:53 Windows Update
01-05-2015 03:00:37 Windows Update
02-05-2015 03:00:39 Windows Update
02-05-2015 22:44:27 Restore Point Created by FRST
02-05-2015 23:01:50 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-05-02 22:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {33F08EFF-1CDC-4874-8BAB-099738B985AD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3A890F8F-9103-45BC-8816-B0F796359CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {521C9137-7AFD-4884-A888-3D1B786C8B17} - System32\Tasks\{B41442BC-4BC7-43A5-BE64-A0E6D816CDB5} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM0H498G\BWASetup[1].exe" -d C:\Users\punjab\Desktop
Task: {549C35A4-01F8-4EC3-95C7-C6BCC576A7AA} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {7E1E0C3A-5819-4973-8F37-491DEDB88693} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9685888C-081B-42BD-8235-3B29E171EBBF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2405105115-4192906405-531811981-1000
Task: {9A1E1279-367A-44A3-B917-C43AD4BBDA6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9E5C990-D962-4015-A273-343C06D7204D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {AF3F8A19-5758-4739-8A5D-783B3D387A19} - System32\Tasks\{F2BCF66D-6CD5-426F-80DE-7DE3BAACCA4E} => pcalua.exe -a "C:\Users\punjab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7XUDWO2\download[1].exe" -d C:\Users\punjab\Desktop
Task: {B422DBB2-CF3A-4D6C-A353-B8196214A008} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CF11E501-3AF3-4D05-A484-F6EFA487F1D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-09-25 04:58 - 2010-05-21 13:00 - 00783680 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-12-04 05:36 - 2012-12-04 05:36 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\3d8291e96c1f38d0ef71531fc871d956\VistaBridgeLibrary.ni.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-09-25 04:57 - 2010-05-21 12:58 - 00116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 01123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-09-25 04:57 - 2010-05-21 12:59 - 00079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-09-25 04:57 - 2010-05-21 12:58 - 00121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 14:34 - 2010-02-09 14:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2012-12-04 05:16 - 2012-12-04 05:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f08caa57275e16ad5cfaf4483f93b658\IsdiInterop.ni.dll
2010-09-25 04:24 - 2010-06-08 11:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2405105115-4192906405-531811981-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\punjab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupfolder: C:^Users^punjab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{91866116-323E-4EF8-B643-264F1A26ACE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{F8A71591-2002-4C27-883A-BED4AD3D3B73}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7E88D1E6-7048-4652-8859-B6A812A9C94D}] => (Allow) svchost.exe
FirewallRules: [{FBC957E6-AEA8-4AB1-B018-DD8C4DD40EE5}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{CF382154-C18B-4EE3-84BB-3912A7FB0547}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{043D53BF-A604-42D8-95DD-B7EF7E9D1D2F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{CD55F3B1-AEAD-4689-A3FF-A4C462D35B11}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2B000A0F-B612-44DC-A061-7E3118A4D0CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D1890E30-DBF0-4D44-B2AD-1B8C54DEEC68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B106997-A1EE-44A6-ADDA-5D47D220F896}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8992EAF-AE3C-4381-964B-9E6145A4593B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D49AF95-A0A1-4CED-BFAC-ECC793CB61F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22571417-722B-4D52-8A9E-0890B2AFE0A2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{BB810BD3-CBAE-4D8F-B5D2-3A2AD88DE0D3}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{BCF03F22-A20F-4554-BEE1-5AEAE4E07F56}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
FirewallRules: [{07C95A63-739F-498B-9325-A58D0E98A609}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [{C152E402-5859-4C5D-ABE1-4DDB8F971419}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
FirewallRules: [TCP Query User{5DC28558-4FAC-4747-9183-C5AD2157D4BC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{1BB3BC9D-C472-4C2E-9485-FE430F024B97}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{D54144EE-C11D-4B69-95F4-6D381207D1F0}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{381186E3-7418-4A9A-9804-6550D7841A11}] => (Allow) C:\Users\punjab\AppData\Local\Temp\Incredibar_install.exe
FirewallRules: [{1F82158C-58EE-43BE-ABA8-9209B8BC2D2E}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{03825541-A0CC-43B2-94D7-59E77C162A77}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8E591CA5-1865-43F9-8534-D380DBAAC353}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6225CC01-E2A0-4D6F-BD70-9E4E988D32CA}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{85B83C72-80E5-419C-8AAA-6FECA696E774}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A606E1DF-B246-4862-9966-1443C24018DD}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{8979AF37-9B2B-46E0-9F74-3E26D5630D8A}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{4CE02929-4611-492F-85CF-0BB3CDB08062}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{6574F663-419D-481F-A6E1-2643087024F6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{C2E53016-3EB4-4EF4-8038-E17B01673DD9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{6475E007-DEB1-4EE8-99D7-0C2F40B52186}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{DCB93EDE-E197-405D-8CED-8DA34ACC5040}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{36737D09-2E1E-42E6-89E3-AA32D3CA011E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{30CED065-968D-4175-B62F-235A7A6FEED5}] => (Allow) C:\Users\punjab\AppData\Local\Temp\HP\OJ4500vG510n-z_Basic_13_en\setup\hpznui40.exe
FirewallRules: [{D47ECA4D-2334-402B-8058-C01BF6FE70DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C961D5C4-953A-45F2-AFA8-5B441B04BDBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{919F25F8-4992-4AF2-976B-7106A76E68A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9CFC3D98-E170-460A-B1D0-DA0A3E66265E}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{531DEB25-B2D7-4699-8E2E-CB7D215C9389}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{B517595C-7012-48A6-A407-4ED0F4494585}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{217FCE57-518E-45B8-B5EB-1C8507D0A18D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{9FB44038-C94E-4D65-B57F-6BF3CAAD9093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34AED249-38DB-4544-B71D-9619BEE1DB0B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7AA0AFE-13F8-43D9-AD69-FCAD8418E167}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
FirewallRules: [{D53661C6-93DC-42FB-B4A1-74CC365F38FD}] => (Allow) C:\Users\punjab\AppData\Local\Temp\ctmpua.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/03/2015 01:27:10 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a2e36b31-c878-11df-8b58-806e6f6e6963} - 0000000000000120,0x0053c008,000000000038C5E0,0,000000000038D5F0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (05/03/2015 11:03:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.
 
Error: (05/03/2015 11:03:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]
 
Error: (05/03/2015 11:03:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x800705aa, Insufficient system resources exist to complete the requested service.
]
 
Error: (05/03/2015 00:07:03 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (05/03/2015 00:07:03 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
 
Error: (05/02/2015 07:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1270
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (05/02/2015 07:49:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b8
 
Start Time: 01d08531b887f106
 
Termination Time: 126
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: cf9d6f05-f125-11e4-ab44-061bb145308c
 
Error: (05/02/2015 03:00:33 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{a2e36b31-c878-11df-8b58-806e6f6e6963} - 000000000000011C,0x0053c008,000000000041FFD0,0,0000000000420FE0,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (05/01/2015 03:20:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/03/2015 01:27:07 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.
 
Error: (05/03/2015 11:05:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/03/2015 11:04:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
Error: (05/03/2015 11:04:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TerminusBoost service to connect.
 
Error: (05/03/2015 00:00:57 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: 
%%1056
 
Error: (05/03/2015 00:00:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2015 11:59:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/02/2015 11:59:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2015 11:59:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 11:59:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-08-13 06:32:53.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.463
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 06:32:53.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-30 10:05:34.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-30 10:05:34.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 27%
Total physical RAM: 4058.36 MB
Available physical RAM: 2935.78 MB
Total Pagefile: 8114.84 MB
Available Pagefile: 6707.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:211.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (NEW VOLUME) (Removable) (Total:29.81 GB) (Free:16.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 51ED4EC9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll No File
C:\Users\punjab\AppData\Local\Temp\Quarantine.exe
C:\Users\punjab\AppData\Local\Temp\sqlite3.dll
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Reset your Chrome browser settings
1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings,” click Reset settings.
5.In the dialog that appears, click Reset.

Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Post the;
1-fixlog.txt
2-Checkup.txt

Let me know how things are after you run the computer for a while.

Thanks
Joe
  • 0

Advertisements


#11
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts

1 - I don't have Google Chrome on that machine

2 - I am still getting redirects and pop-ups when I use Firefox.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by punjab at 2015-05-03 21:32:31 Run:2
Running from C:\Users\punjab\Desktop
Loaded Profiles: punjab (Available profiles: punjab)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\coIEPlg.dll No File
C:\Users\punjab\AppData\Local\Temp\Quarantine.exe
C:\Users\punjab\AppData\Local\Temp\sqlite3.dll
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}" => Key deleted successfully.
C:\Users\punjab\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\punjab\AppData\Local\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 10.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:32:55 ====
 

 Results of screen317's Security Check version 1.001  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (37.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

You need to visit windows up date and install service pack 1 for windows 7. Can you visit windows up date for me.

I will not return until 4 pm today EST.
  • 0

#13
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts

I tried to update Windows 7 to SP1 but it wouldn't let me do it.

 

I guess we have more issues than we thought.


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
There's always more issues then we expect, there's issues around every corner.

What was the error code you received if any ?
  • 0

#15
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 292 posts

Code: 80070103  

Windows Update encountered an unknown error.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP