
FBI MONEYPAK VIRUS



Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS.txt :
.
=============== Created Last 30 ================
.
2013-08-29 22:25:52 699536 ----a-w- C:\Program Files (x86)\4aUninstall Astrology.dll
2013-08-29 22:25:52 172448 ----a-w- C:\Program Files (x86)\4ares.dll
2013-08-29 06:07:01 -------- d-----w- C:\FRST
2013-08-29 00:39:16 201216 ----a-w- C:\ProgramData\qfpgsrv.exe
2013-08-28 22:12:39 -------- d-----w- C:\ProgramData\sipi
2013-08-21 06:07:24 -------- d-----w- C:\Users\Laura\AppData\Local\ElevatedDiagnostics
2013-08-19 10:40:11 -------- d-----w- C:\Users\Laura\AppData\Roaming\PowerISO
2013-08-19 09:18:48 -------- d-----w- C:\Users\Laura\AppData\Local\ATI
2013-08-19 08:12:05 -------- d-----w- C:\Users\Laura\AppData\Local\Performersoft
2013-08-19 08:11:45 -------- d-----w- C:\ProgramData\IBUpdaterService
2013-08-19 07:54:43 -------- d-----w- C:\Users\Laura\AppData\Local\TopArcadeHits
2013-08-19 07:49:30 -------- d-----w- C:\Users\Laura\AppData\Roaming\Systweak
2013-08-19 07:49:06 -------- d-----w- C:\Users\Laura\AppData\Roaming\DSite
2013-08-16 01:52:08 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-08-16 01:50:53 -------- d-----w- C:\ProgramData\Tarma Installer
2013-08-16 00:05:35 -------- d-----w- C:\Users\Laura\AppData\Roaming\Nico Mak Computing
2013-08-16 00:05:19 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-08-16 00:04:41 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-14 02:42:06 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-08-14 02:42:05 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-08-14 02:42:03 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-08-14 02:42:02 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-08-14 02:42:01 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-08-14 02:42:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-14 02:25:21 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 01:00:38 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 01:00:37 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 01:00:34 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 01:00:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 01:00:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 01:00:29 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 01:00:28 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 01:00:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 00:59:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-14 00:59:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 00:59:37 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 00:59:35 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 00:59:29 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 00:59:26 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-31 20:32:58 0 ----a-w- C:\Windows\SysWow64\sho83BA.tmp
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-29 22:48:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 22:48:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-29 22:48:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 18:59:48.83 ===============




attach.txt :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/1/2011 4:53:22 PM
System Uptime: 8/29/2013 5:31:16 PM (1 hours ago)
.
Motherboard: eMachines |  | HM50-BZ
Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 232.572 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_05201025&REV_C0\4&1F5B09F0&0&00AA
Manufacturer: 
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_05201025&REV_C0\4&1F5B09F0&0&00AA
Service: 
.
==== System Restore Points ===================
.
RP106: 8/1/2013 8:08:53 AM - Scheduled Checkpoint
RP107: 8/11/2013 12:14:37 AM - Scheduled Checkpoint
RP108: 8/13/2013 9:22:23 PM - Windows Update
RP109: 8/19/2013 8:54:09 PM - Windows Update
RP110: 8/20/2013 8:13:49 AM - Installed DAEMON Tools
RP111: 8/20/2013 8:23:46 AM - Installed DAEMON Tools
RP112: 8/29/2013 5:15:31 PM - Removed Adobe Reader X (10.1.7) MUI.
RP113: 8/29/2013 5:26:37 PM - Removed Atheros Communications Inc.® AR81Family Gigabit/Fast E™=ÿ
RP114: 8/29/2013 5:28:34 PM - Removed Skype™ 6.7
RP115: 8/29/2013 6:41:56 PM - Removed Adobe Reader X (10.1.7) MUI.
.
==== Installed Programs ======================
.
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD VISION Engine Control Center
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chronicles of Albian
Chuzzle Deluxe
Cisco Connect
Conexant HD Audio
Cradle of Rome 2
D3DX10
DefaultTab
DomaIQ
Dora's World Adventure
eBay Worldwide
eMachines Games
eMachines Power Management
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ETDWare PS/2-X64 8.0.6.0_WHQL
Facebook Video Calling 1.2.0.287
FATE: The Cursed King
Final Drive: Nitro
FlashPlayer
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
InternetHelper3  Firefox Toolbar
Java 7 Update 25
Java Auto Updater
Jewel Match 3
Junk Mail filter update
Launch Manager
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
NTI Media Maker 9
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
PricePeep for Internet Explorer
RadioHoops Toolbar
Realtek USB 2.0 Card Reader
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Sendori
Skype™ 6.7
Strongvault Online Backup
Supreme Savings
swMSM
TelevisionFanatic Toolbar
Times Reader
Torchlight
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Installer for WildTangent Games App
Video Web Camera
VIPRE Internet Security
Virtual Villagers 5 - New Believers
Visual Studio 2008 x64 Redistributables
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/29/2013 5:41:40 PM, Error: Service Control Manager [7034]  - The TelevisionFanaticService service terminated unexpectedly.  It has done this 1 time(s).
8/29/2013 5:41:34 PM, Error: Service Control Manager [7034]  - The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).
8/29/2013 4:58:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/29/2013 4:58:12 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:56:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
8/29/2013 4:48:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/29/2013 4:48:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/29/2013 4:48:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/29/2013 4:48:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/29/2013 4:48:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/29/2013 4:48:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/29/2013 4:47:11 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbFw SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/29/2013 4:47:10 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 4:47:03 PM, Error: Service Control Manager [7001]  - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 3:50:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
8/29/2013 3:49:53 PM, Error: Service Control Manager [7000]  - The Link-Layer Topology Discovery Responder service failed to start due to the following error:  The driver was not loaded because the system is booting into safe mode.
8/29/2013 3:49:53 PM, Error: Service Control Manager [7000]  - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error:  The driver was not loaded because the system is booting into safe mode.
8/29/2013 12:17:43 AM, Error: Service Control Manager [7038]  - The PNRPsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/29/2013 12:17:43 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The service did not start due to a logon failure.
8/29/2013 12:17:43 AM, Error: Service Control Manager [7000]  - The Peer Name Resolution Protocol service failed to start due to the following error:  The service did not start due to a logon failure.
8/29/2013 12:15:30 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/29/2013 12:15:12 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache SCDEmu spldr Wanarpv6
8/29/2013 12:14:04 AM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
8/29/2013 12:11:39 AM, Error: Service Control Manager [7034]  - The sndappv2 service terminated unexpectedly.  It has done this 1 time(s).
8/29/2013 12:11:38 AM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
8/28/2013 9:24:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
8/28/2013 8:58:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
8/28/2013 8:56:57 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{8A26AE4B-2908-4865-BD73-04959FB9E6AF} because another computer on the network has the same name.  The server could not start.
8/28/2013 8:55:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/28/2013 8:45:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
8/28/2013 12:48:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/28/2013 11:11:09 AM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/27/2013 12:00:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 

I apologize, I am using a laptop mouse and it didn't allow me to select all. I right-clicked "Select all" this time; here is the dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Laura at 18:58:36 on 2013-08-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2795.1453 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\CxAudMsg64.exe
C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Laura\Downloads\RogueKillerX64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - 
mURLSearchHooks: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - 
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - 
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - 
BHO: Drop Pad Web Backup: {25DA541F-6ACF-4052-A8AA-1D58284729C7} - 
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: RadioHoops Toolbar: {0C3110F6-A2E6-4B6F-9516-6DC345E1F7EF} - 
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - 
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
TB: RadioHoops Toolbar: {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - 
uRun: [Facebook Update] "C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [backupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
mRun: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRun: [sMessaging] C:\Users\Laura\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\Laura\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\System32\Sendori.dll
TCP: NameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF} : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\24C65756341647 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\34963736F60373131363 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\6457E6029637E6470266275656 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\7456470297F602F677E60277966696 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\7656470297F602F677E60277966696 : DHCPNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
TCP: Interfaces\{8A26AE4B-2908-4865-BD73-04959FB9E6AF}\B4F66716C616B6 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [sBRegRebootCleaner] "c:\users\laura\appdata\local\temp\Downloads\CartSdk\sbrc.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-6-29 258848]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-31 204288]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-9-29 198784]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-4-2 107520]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-31 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2011-9-29 872552]
R2 gfi_lanss10_attservice;GFI LanGuard 10 Attendant Service;C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [2012-10-24 115568]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-1-17 39528]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-7-31 244624]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-10-25 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-10-24 82872]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-10-25 175496]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-7-31 114704]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-31 138024]
R3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-6-29 39504]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-6-29 120608]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-10-24 86816]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-29 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 TelevisionFanaticService;TelevisionFanaticService;C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [2012-6-24 42504]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-7-31 246376]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-6-29 120608]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2013-6-29 61216]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-29 22:25:52 699536 ----a-w- C:\Program Files (x86)\4aUninstall Astrology.dll
2013-08-29 22:25:52 172448 ----a-w- C:\Program Files (x86)\4ares.dll
2013-08-29 06:07:01 -------- d-----w- C:\FRST
2013-08-29 00:39:16 201216 ----a-w- C:\ProgramData\qfpgsrv.exe
2013-08-28 22:12:39 -------- d-----w- C:\ProgramData\sipi
2013-08-21 06:07:24 -------- d-----w- C:\Users\Laura\AppData\Local\ElevatedDiagnostics
2013-08-19 10:40:11 -------- d-----w- C:\Users\Laura\AppData\Roaming\PowerISO
2013-08-19 09:18:48 -------- d-----w- C:\Users\Laura\AppData\Local\ATI
2013-08-19 08:12:05 -------- d-----w- C:\Users\Laura\AppData\Local\Performersoft
2013-08-19 08:11:45 -------- d-----w- C:\ProgramData\IBUpdaterService
2013-08-19 07:54:43 -------- d-----w- C:\Users\Laura\AppData\Local\TopArcadeHits
2013-08-19 07:49:30 -------- d-----w- C:\Users\Laura\AppData\Roaming\Systweak
2013-08-19 07:49:06 -------- d-----w- C:\Users\Laura\AppData\Roaming\DSite
2013-08-16 01:52:08 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-08-16 01:50:53 -------- d-----w- C:\ProgramData\Tarma Installer
2013-08-16 00:05:35 -------- d-----w- C:\Users\Laura\AppData\Roaming\Nico Mak Computing
2013-08-16 00:05:19 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-08-16 00:04:41 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-14 02:42:09 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-14 02:42:06 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-08-14 02:42:05 356864 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-08-14 02:42:03 236032 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-08-14 02:42:02 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-08-14 02:42:01 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-08-14 02:42:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-14 02:25:21 -------- d-----w- C:\Windows\System32\MRT
2013-08-14 01:00:38 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 01:00:37 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 01:00:34 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 01:00:33 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 01:00:30 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 01:00:29 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 01:00:28 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 01:00:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 00:59:52 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-08-14 00:59:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 00:59:37 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 00:59:35 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 00:59:29 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 00:59:26 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-31 20:32:58 0 ----a-w- C:\Windows\SysWow64\sho83BA.tmp
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-01 16:49:06 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
2013-06-29 22:48:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 22:48:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-29 22:48:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 18:59:48.83 ===============




and here is the RKreport

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Laura [Admin rights]
Mode : Scan -- Date : 08/29/2013 18:53:44
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] SMessaging.exe -- C:\Users\Laura\AppData\Local\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKLM\[...]\Run : SBRegRebootCleaner ("c:\users\laura\appdata\local\temp\Downloads\CartSdk\sbrc.exe" [x]) -> FOUND
[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SMessaging (C:\Users\Laura\AppData\Local\Strongvault Online Backup\SMessaging.exe [7]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] DSite.job : C:\Users\Laura\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] DSite : C:\Users\Laura\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][sUSP PATH] Updater19962.exe : C:\Users\Laura\AppData\Local\Updater19962\Updater19962.exe - /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 ATA Device +++++
--- User ---
[MBR] 03fb63b1cf7ec6c74bfb57dcc2b82ce2
[bSP] f57bc5b4d05c21b5d8ec02135f57c71a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 289783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08292013_185344.txt >>
 
 
 
 

I don't see any FBI virus in the logs, there's a lot of adware on the system though.

To be sure it's all gone.......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Laura (administrator) on 29-08-2013 19:56:24
Running from C:\Users\Laura\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
() C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\Mantle.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Strongvault LLC) C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [sBRegRebootCleaner] - "c:\users\laura\appdata\local\temp\Downloads\CartSdk\sbrc.exe" [x] <===== ATTENTION
HKCU\...\Run: [Facebook Update] - C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-14] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [backupAgent] - C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe [197448 2013-02-28] (Strongvault LLC)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [x]
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] - C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe [42536 2012-06-24] (MindSpark)
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] - C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe [30096 2012-06-24] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [searchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [x]
HKLM-x32\...\Run: [sMessaging] - C:\Users\Laura\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [sBAMTray] - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe [3149704 2012-10-25] (GFI Software)
HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll [154144 2010-07-29] ()
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid={8DCDBEA2-D20A-49B5-93C0-28C7596A01AC}&mid=fb8cf38c435e47d18d746939b21e1a25-2fd77287e851ce339daa28563171d0cd1fb624b2&lang=en&ds=co011&pr=sa&d=2013-08-19 02:50:53&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.yahoo.com?type=293224&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119666&tt=gc_&babsrc=HP_ss&mntrId=EE189439E5460625
URLSearchHook: (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} -  No File
URLSearchHook: (No Name) - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} -  No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={27FE6AFA-9362-11E2-B5BF-B870F4FAF3D6}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={27FE6AFA-9362-11E2-B5BF-B870F4FAF3D6}
SearchScopes: HKCU - DefaultScope {39EFEA57-E38F-41A9-A9FD-18573B3AAFDC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKCU - {39EFEA57-E38F-41A9-A9FD-18573B3AAFDC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
SearchScopes: HKCU - {507E2261-EDE7-49BD-81E9-7991A444E2C6} URL = http://www.mysearchresults.com/search?c=3254&t=15&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: RadioHoops Toolbar - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - C:\Program Files (x86)\RadioHoops\prxtbRadi.dll No File
BHO-x32: Supreme Savings - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll No File
BHO-x32: Drop Pad Web Backup - {25DA541F-6ACF-4052-A8AA-1D58284729C7} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (MindSpark)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll No File
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
Toolbar: HKLM-x32 - RadioHoops Toolbar - {0c3110f6-a2e6-4b6f-9516-6dc345e1f7ef} - C:\Program Files (x86)\RadioHoops\prxtbRadi.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {0C3110F6-A2E6-4B6F-9516-6DC345E1F7EF} -  No File
Toolbar: HKCU - No Name - {C98D5B61-B0EA-4D48-9839-1079D352D880} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 24.159.193.40 24.205.224.36 68.190.192.35
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Laura\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\Astrology_4a\bar\1.bin\NP4aStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Laura\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Speed Analysis 2) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf\1.0.0.4_0
CHR Extension: (Web Backup Drop Pad) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0_0
CHR Extension: (Cool Smiley Bar for Facebook) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\Laura\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx
CHR HKLM-x32\...\Chrome\Extension: [hacjidbllfnlecmikihhjphlicpbepih] - C:\Program Files (x86)\Strongvault Online Backup\DropPad.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Laura\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Laura\AppData\Roaming\PlusWinks\pluswinks.crx
 
==================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 DefaultTabUpdate; C:\Users\Laura\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-04-02] ()
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 gfi_lanss10_attservice; C:\Program Files (x86)\GFI Software\VIPRE\LanGuard 10 Agent\lnssatt.exe [115568 2012-10-24] (GFI Software Development Ltd.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [39528 2011-01-17] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [3677000 2012-10-25] (GFI Software)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [175496 2012-10-25] (GFI Software)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [42504 2012-06-24] (COMPANYVERS_NAME)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 L1C; system32\DRIVERS\L1C62x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-29 19:00 - 2013-08-29 19:00 - 00017544 _____ C:\Users\Laura\Desktop\attach.txt
2013-08-29 19:00 - 2013-08-29 18:59 - 00020286 _____ C:\Users\Laura\Desktop\dds.txt
2013-08-29 18:58 - 2013-08-29 18:58 - 00688992 ____R (Swearware) C:\Users\Laura\Downloads\dds.com
2013-08-29 18:53 - 2013-08-29 18:53 - 00002402 _____ C:\Users\Laura\Desktop\RKreport[0]_S_08292013_185344.txt
2013-08-29 18:49 - 2013-08-29 19:56 - 00000000 ____D C:\Users\Laura\Desktop\RK_Quarantine
2013-08-29 18:49 - 2013-08-29 18:49 - 03771904 _____ C:\Users\Laura\Downloads\RogueKillerX64.exe
2013-08-29 17:25 - 2012-07-19 20:44 - 00699536 _____ (MindSpark) C:\Program Files (x86)\4aUninstall Astrology.dll
2013-08-29 17:25 - 2012-07-19 20:44 - 00172448 _____ () C:\Program Files (x86)\4ares.dll
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\FRST
2013-08-28 19:39 - 2013-08-28 19:39 - 00201216 _____ C:\ProgramData\qfpgsrv.exe
2013-08-28 17:12 - 2013-08-28 17:16 - 00000000 ____D C:\ProgramData\sipi
2013-08-19 06:34 - 2013-08-19 06:34 - 00000000 ____D C:\Users\Laura\AppData\Roaming\WinRAR
2013-08-19 05:59 - 2013-08-29 17:08 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-19 05:40 - 2013-08-19 05:40 - 00000000 ____D C:\Users\Laura\AppData\Roaming\PowerISO
2013-08-19 05:11 - 2013-08-19 05:11 - 00000000 ___RH C:\Users\Public\Documents\NTIMMV9P.dll
2013-08-19 05:07 - 2013-08-19 05:07 - 399693105 _____ C:\Windows\MEMORY.DMP
2013-08-19 05:07 - 2013-08-19 05:07 - 00707560 _____ C:\Windows\Minidump\081913-33275-01.dmp
2013-08-19 04:18 - 2013-08-19 04:18 - 00000000 ____D C:\Users\Laura\AppData\Roaming\ATI
2013-08-19 04:18 - 2013-08-19 04:18 - 00000000 ____D C:\Users\Laura\AppData\Local\ATI
2013-08-19 03:12 - 2013-08-19 05:15 - 00000000 ____D C:\Users\Laura\AppData\Local\Performersoft
2013-08-19 03:11 - 2013-08-19 03:11 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-08-19 02:54 - 2013-08-19 05:18 - 00000000 ____D C:\Users\Laura\AppData\Local\TopArcadeHits
2013-08-19 02:49 - 2013-08-19 05:17 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Systweak
2013-08-19 02:49 - 2013-08-19 03:49 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-08-19 02:49 - 2013-08-19 02:49 - 00003226 _____ C:\Windows\System32\Tasks\DSite
2013-08-19 02:49 - 2013-08-19 02:49 - 00000000 ____D C:\Users\Laura\AppData\Roaming\DSite
2013-08-15 20:58 - 2013-08-15 20:58 - 00000438 _____ C:\Windows\SysWOW64\WSCConfig.xml
2013-08-15 20:54 - 2013-08-19 05:45 - 00000000 ____D C:\Users\Laura\AppData\Roaming\vlc
2013-08-15 20:52 - 2013-08-29 18:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-15 19:05 - 2013-08-15 19:09 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Nico Mak Computing
2013-08-15 19:05 - 2013-06-19 17:27 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-15 19:04 - 2013-08-15 19:09 - 00000000 ____D C:\Program Files (x86)\WinZip Registry Optimizer
2013-08-13 21:42 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 21:42 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 21:42 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-13 21:42 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-13 21:42 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-13 21:41 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 21:41 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 21:41 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-13 21:41 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 21:41 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-13 21:41 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-13 21:41 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-13 21:41 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-13 21:41 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-13 21:41 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-13 21:41 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-13 21:41 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 21:40 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-13 21:25 - 2013-08-13 21:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 20:00 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 20:00 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 20:00 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 20:00 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 20:00 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 20:00 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 20:00 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 20:00 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 19:59 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 19:59 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 19:59 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 19:59 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 19:59 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 19:59 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 19:58 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 19:58 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 19:58 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 19:58 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 19:58 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 19:58 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 19:58 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 19:58 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 19:58 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 19:58 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 19:58 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 19:58 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 19:58 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-07-31 15:32 - 2013-07-31 15:32 - 00000000 _____ C:\Windows\SysWOW64\sho83BA.tmp
 
==================== One Month Modified Files and Folders =======
 
2013-08-29 19:56 - 2013-08-29 18:49 - 00000000 ____D C:\Users\Laura\Desktop\RK_Quarantine
2013-08-29 19:54 - 2013-08-29 19:54 - 01579080 _____ (Farbar) C:\Users\Laura\Downloads\FRST64.exe
2013-08-29 19:37 - 2013-06-30 13:24 - 01814680 _____ C:\Windows\WindowsUpdate.log
2013-08-29 19:29 - 2013-06-30 13:33 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 19:00 - 2013-08-29 19:00 - 00017544 _____ C:\Users\Laura\Desktop\attach.txt
2013-08-29 18:59 - 2013-08-29 19:00 - 00020286 _____ C:\Users\Laura\Desktop\dds.txt
2013-08-29 18:58 - 2013-08-29 18:58 - 00688992 ____R (Swearware) C:\Users\Laura\Downloads\dds.com
2013-08-29 18:53 - 2013-08-29 18:53 - 00002402 _____ C:\Users\Laura\Desktop\RKreport[0]_S_08292013_185344.txt
2013-08-29 18:49 - 2013-08-29 18:49 - 03771904 _____ C:\Users\Laura\Downloads\RogueKillerX64.exe
2013-08-29 18:47 - 2013-08-15 20:52 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-29 18:07 - 2012-09-14 18:02 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000UA.job
2013-08-29 18:07 - 2012-09-14 18:02 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000Core.job
2013-08-29 17:45 - 2012-09-15 08:56 - 00000000 ____D C:\Program Files (x86)\RadioHoops
2013-08-29 17:39 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 17:39 - 2009-07-13 23:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 17:36 - 2013-06-30 13:33 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 17:36 - 2013-03-22 21:36 - 00000000 ____D C:\Users\Laura\AppData\Local\Strongvault Online Backup
2013-08-29 17:36 - 2013-01-24 19:42 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-08-29 17:36 - 2009-07-14 00:13 - 00780172 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 17:31 - 2013-07-08 21:27 - 00012240 _____ C:\Windows\PFRO.log
2013-08-29 17:31 - 2013-07-08 18:19 - 00006060 _____ C:\Windows\setupact.log
2013-08-29 17:31 - 2013-04-02 17:51 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 17:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 17:27 - 2011-07-31 21:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-29 17:10 - 2011-12-06 19:01 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Skype
2013-08-29 17:08 - 2013-08-19 05:59 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\FRST
2013-08-28 19:39 - 2013-08-28 19:39 - 00201216 _____ C:\ProgramData\qfpgsrv.exe
2013-08-28 19:35 - 2011-12-01 17:55 - 00000000 ____D C:\Users\Laura\AppData\Local\VirtualStore
2013-08-28 17:16 - 2013-08-28 17:12 - 00000000 ____D C:\ProgramData\sipi
2013-08-26 23:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-23 08:00 - 2012-03-10 11:35 - 00000000 ____D C:\Users\Laura\AppData\Local\CrashDumps
2013-08-21 18:06 - 2013-06-30 13:35 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-21 01:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-19 21:02 - 2012-04-22 21:37 - 00774388 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-19 06:34 - 2013-08-19 06:34 - 00000000 ____D C:\Users\Laura\AppData\Roaming\WinRAR
2013-08-19 05:45 - 2013-08-15 20:54 - 00000000 ____D C:\Users\Laura\AppData\Roaming\vlc
2013-08-19 05:45 - 2013-05-11 23:06 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-19 05:45 - 2011-12-01 17:56 - 00000000 ___RD C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 05:40 - 2013-08-19 05:40 - 00000000 ____D C:\Users\Laura\AppData\Roaming\PowerISO
2013-08-19 05:18 - 2013-08-19 02:54 - 00000000 ____D C:\Users\Laura\AppData\Local\TopArcadeHits
2013-08-19 05:17 - 2013-08-19 02:49 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Systweak
2013-08-19 05:16 - 2013-03-07 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 05:16 - 2012-02-15 06:35 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Mozilla
2013-08-19 05:15 - 2013-08-19 03:12 - 00000000 ____D C:\Users\Laura\AppData\Local\Performersoft
2013-08-19 05:11 - 2013-08-19 05:11 - 00000000 ___RH C:\Users\Public\Documents\NTIMMV9P.dll
2013-08-19 05:07 - 2013-08-19 05:07 - 399693105 _____ C:\Windows\MEMORY.DMP
2013-08-19 05:07 - 2013-08-19 05:07 - 00707560 _____ C:\Windows\Minidump\081913-33275-01.dmp
2013-08-19 05:07 - 2012-10-28 14:06 - 00000000 ____D C:\Windows\Minidump
2013-08-19 04:18 - 2013-08-19 04:18 - 00000000 ____D C:\Users\Laura\AppData\Roaming\ATI
2013-08-19 04:18 - 2013-08-19 04:18 - 00000000 ____D C:\Users\Laura\AppData\Local\ATI
2013-08-19 03:49 - 2013-08-19 02:49 - 00000286 _____ C:\Windows\Tasks\DSite.job
2013-08-19 03:11 - 2013-08-19 03:11 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-08-19 02:49 - 2013-08-19 02:49 - 00003226 _____ C:\Windows\System32\Tasks\DSite
2013-08-19 02:49 - 2013-08-19 02:49 - 00000000 ____D C:\Users\Laura\AppData\Roaming\DSite
2013-08-18 22:17 - 2013-05-25 20:23 - 00000258 __RSH C:\Users\Allyssa\ntuser.pol
2013-08-18 22:17 - 2011-12-07 16:46 - 00000000 ____D C:\Users\Allyssa
2013-08-16 07:28 - 2013-04-02 17:53 - 00000258 __RSH C:\Users\Laura\ntuser.pol
2013-08-16 07:28 - 2011-12-01 17:53 - 00000000 ____D C:\Users\Laura
2013-08-16 00:22 - 2012-04-22 21:38 - 00000000 ____D C:\Users\Laura\AppData\Roaming\SoftGrid Client
2013-08-15 20:58 - 2013-08-15 20:58 - 00000438 _____ C:\Windows\SysWOW64\WSCConfig.xml
2013-08-15 20:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-08-15 19:09 - 2013-08-15 19:05 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Nico Mak Computing
2013-08-15 19:09 - 2013-08-15 19:04 - 00000000 ____D C:\Program Files (x86)\WinZip Registry Optimizer
2013-08-15 08:09 - 2013-07-13 13:36 - 00000000 ____D C:\Windows\Patches
2013-08-13 21:31 - 2013-08-13 21:25 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 21:25 - 2011-12-11 18:34 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-10 21:30 - 2011-07-31 22:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-10 21:30 - 2011-07-31 22:17 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 15:32 - 2013-07-31 15:32 - 00000000 _____ C:\Windows\SysWOW64\sho83BA.tmp
 
Files to move or delete:
====================
C:\ProgramData\qfpgsrv.exe
C:\Users\Allyssa\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Allyssa\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Allyssa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\BackupSetup.exe
C:\Users\Laura\AppData\Local\Temp\nsoB05C.tmp.exe
C:\Users\Laura\AppData\Local\Temp\oi_{50C3A812-F5B9-4289-B18D-EBD56D0D6843}.exe
C:\Users\Laura\AppData\Local\Temp\oi_{5B1B3B3F-BFA4-46E7-A43E-F9FB5EA5AAB5}.exe
C:\Users\Laura\AppData\Local\Temp\safeguard.exe
C:\Users\Laura\AppData\Local\Temp\uninst1.exe
C:\Users\Laura\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Laura\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
C:\Users\Laura\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Laura\AppData\Local\Temp\{9914B689-DA23-4F6F-92FF-9F0EBE288548}\ISBEW64.exe
C:\Users\Laura\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
C:\Users\Laura\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe
C:\Users\Laura\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
C:\Users\Laura\AppData\Local\Temp\nsi6432.tmp\ConduitMsTimestamp.dll
C:\Users\Laura\AppData\Local\Temp\nsi6432.tmp\System.dll
C:\Users\Laura\AppData\Local\Temp\is357113909\AVG_Safeguard.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\nss_handler.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\OpenItSetup.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\rcpsetup_binstall2_binstall2.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\SymCCIS.dll
C:\Users\Laura\AppData\Local\Temp\is357113909\Toparcadehits.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\uninstaller.exe
C:\Users\Laura\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Laura\AppData\Local\Temp\is-RF0P5.tmp\jetreports.exe
C:\Users\Laura\AppData\Local\Temp\Downloads\XceedZip.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\avg-secure-search-installer.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ProgFiles\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ConfigFiles\avguidx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\ConfigFiles\MachineIdCreator.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\helper.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\log4cplusU.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\loggingserver.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07128\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\avg-secure-search-installer.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ConfigFiles\avguidx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\ConfigFiles\MachineIdCreator.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Laura\AppData\Local\Temp\avg_a07016\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\avg-secure-search-installer.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ConfigFiles\avguidx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\ConfigFiles\MachineIdCreator.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Laura\AppData\Local\Temp\avg_a06100\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\avg-secure-search-installer.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ProgFiles\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ConfigFiles\avguidx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\ConfigFiles\MachineIdCreator.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\helper.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\log4cplusU.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\loggingserver.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Laura\AppData\Local\Temp\avg_a05092\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Laura\AppData\Local\Temp\A1D65DF2\x86\regsvr32.exe
C:\Users\Laura\AppData\Local\Temp\A1D65DF2\x64\regsvr32.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-24 01:19
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Laura at 2013-08-29 20:01:00
Running from C:\Users\Laura\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027)
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027)
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027)
CCC Help Czech (x32 Version: 2011.0524.2351.41027)
CCC Help Danish (x32 Version: 2011.0524.2351.41027)
CCC Help Dutch (x32 Version: 2011.0524.2351.41027)
CCC Help English (x32 Version: 2011.0524.2351.41027)
CCC Help Finnish (x32 Version: 2011.0524.2351.41027)
CCC Help French (x32 Version: 2011.0524.2351.41027)
CCC Help German (x32 Version: 2011.0524.2351.41027)
CCC Help Greek (x32 Version: 2011.0524.2351.41027)
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027)
CCC Help Italian (x32 Version: 2011.0524.2351.41027)
CCC Help Japanese (x32 Version: 2011.0524.2351.41027)
CCC Help Korean (x32 Version: 2011.0524.2351.41027)
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027)
CCC Help Polish (x32 Version: 2011.0524.2351.41027)
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027)
CCC Help Russian (x32 Version: 2011.0524.2351.41027)
CCC Help Spanish (x32 Version: 2011.0524.2351.41027)
CCC Help Swedish (x32 Version: 2011.0524.2351.41027)
CCC Help Thai (x32 Version: 2011.0524.2351.41027)
CCC Help Turkish (x32 Version: 2011.0524.2351.41027)
ccc-utility64 (Version: 2011.0524.2352.41027)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco Connect (x32 Version: 1.4.11350.0)
Conexant HD Audio (Version: 8.41.1.51)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
DefaultTab (x32 Version: 2.2.3.0)
DomaIQ (x32)
Dora's World Adventure (x32 Version: 2.2.0.95)
eaner (Version: 4.03)
eBay Worldwide (x32 Version: 2.2.0409)
eMachines Games (x32 Version: 1.0.2.5)
eMachines Power Management (x32 Version: 6.00.3007)
eMachines Recovery Management (x32 Version: 5.00.3502)
eMachines Registration (x32 Version: 1.04.3502)
eMachines ScreenSaver (x32 Version: 1.1.0806.2010)
eMachines Updater (x32 Version: 1.02.3500)
ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FATE: The Cursed King (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
FlashPlayer (x32 Version: 1.6.8)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 29.0.1547.57)
Google Update Helper (x32 Version: 1.3.21.153)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Identity Card (x32 Version: 1.00.3501)
InternetHelper3  Firefox Toolbar (x32 Version: 1.0.0.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.97)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Launch Manager (x32 Version: 5.1.7)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
NTI Media Maker 9 (x32 Version: 9.0.2.8942)
Pando Media Booster (x32 Version: 2.6.0.7)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
PricePeep for Internet Explorer (x32 Version: 2.1.44.0)
RadioHoops Toolbar (x32 Version: 6.9.0.16)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
Search Protect by conduit (x32 Version: 1.5.0.71)
Sendori (x32 Version: 2.0.15)
Skype™ 6.7 (x32 Version: 6.7.102)
Strongvault Online Backup (x32 Version: 2.1.1.0)
Supreme Savings (x32 Version: 1.26.153.2)
swMSM (x32 Version: 12.0.0.1)
TelevisionFanatic Toolbar (x32)
Times Reader (x32 Version: 2.055)
Torchlight (x32 Version: 2.2.0.97)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Video Web Camera (x32 Version: 1.0.1904)
VIPRE Internet Security (x32 Version: 6.1.5488)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Welcome Center (x32 Version: 1.02.3503)
WildTangent Games App (eMachines Games) (x32 Version: 4.0.5.14)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.97)
 
==================== Restore Points  =========================
 
11-08-2013 05:14:37 Scheduled Checkpoint
14-08-2013 02:22:23 Windows Update
20-08-2013 01:54:09 Windows Update
20-08-2013 13:13:49 Installed DAEMON Tools
20-08-2013 13:23:46 Installed DAEMON Tools
29-08-2013 22:15:31 Removed Adobe Reader X (10.1.7) MUI.
29-08-2013 22:26:37 Removed Atheros Communications Inc.® AR81Family Gigabit/Fast E™=ÿ
29-08-2013 22:28:34 Removed Skype™ 6.7
29-08-2013 23:41:56 Removed Adobe Reader X (10.1.7) MUI.
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-13] (Microsoft Corporation)
Task: {0E6A7CC8-A466-467F-948E-B930770E275F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe No File
Task: {1438715C-FC8F-4E45-AB2B-CF52326D9322} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)
Task: {24729CB4-A4A9-42D2-A690-7B75AFCF990F} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe No File
Task: {2F6CAFEE-5B15-48F8-B8A1-DA04285CE756} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe No File
Task: {493CFD74-8DAB-4696-9BFF-9F5160239E18} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000Core => C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14] (Facebook Inc.)
Task: {49723AE3-9C1D-41D3-BF90-D712876491AE} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1449767166-2851449438-3801735097-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {57345DBE-4300-47EB-9A03-54B9CD5232C5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000UA => C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14] (Facebook Inc.)
Task: {60503798-68D2-4E84-A28E-3E1A0346A528} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {73212117-8D63-41B1-9D38-8B584FA92040} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)
Task: {795E1D9E-4448-42A3-97DC-5A8F6F491C51} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1449767166-2851449438-3801735097-1000 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {8542D9AF-34C8-49C6-8CEC-0E3FAC2D2E9E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9110BE33-613D-419B-A1AA-4B50933DA7CB} - System32\Tasks\DSite => C:\Users\Laura\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {AC8FD358-684D-43C4-A8EB-820D9A608D71} - System32\Tasks\Updater19962.exe => C:\Users\Laura\AppData\Local\Updater19962\Updater19962.exe No File
Task: {C8C33053-E041-4BED-B39F-84D2C6972734} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-13] (Microsoft Corporation)
Task: {C8E3F573-8EAA-4D1E-9F9E-5F26B8796EF9} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe No File
Task: {D32228BA-929E-4806-B8AD-1E5128D7C97B} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-13] (Microsoft Corporation)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-13] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\DSite.job => C:\Users\Laura\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000Core.job => C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1449767166-2851449438-3801735097-1000UA.job => C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\State of Michigan Job Opportunities.website:favicon
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2013 05:31:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 05:19:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 05:10:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 04:48:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 03:50:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:20:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:17:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:10:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2013 09:15:37 PM) (Source: Google Update) (User: Laura-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (08/28/2013 07:30:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/29/2013 05:41:40 PM) (Source: Service Control Manager) (User: )
Description: The TelevisionFanaticService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/29/2013 05:41:34 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/29/2013 05:30:40 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (08/29/2013 05:17:38 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (08/29/2013 04:58:49 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (08/29/2013 04:58:12 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/29/2013 04:56:02 PM) (Source: DCOM) (User: )
Description: 1084sndappv2-Service{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 
Error: (08/29/2013 04:48:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/29/2013 04:48:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/29/2013 04:48:16 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/29/2013 05:31:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 05:19:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 05:10:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 04:48:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 03:50:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:20:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:17:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/29/2013 00:10:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/28/2013 09:15:37 PM) (Source: Google Update)(User: Laura-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7
 
Error: (08/28/2013 07:30:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 2794.9 MB
Available physical RAM: 1389.99 MB
Total Pagefile: 5587.99 MB
Available Pagefile: 3705.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:282.99 GB) (Free:233.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 7940CC6D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Delete this file:

C:\ProgramData\qfpgsrv.exe

-------------------

Clean out temp files:

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

The rest looks good.

If you want to clean out all the adware:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

If you agree with everything listed to be removed in the folders section...........

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Then..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.001 - Report created 30/08/2013 at 12:24:53

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Laura - LAURA-PC

# Running from : C:\Users\Laura\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : CltMngSvc

Service Found : DefaultTabUpdate

Service Found : TelevisionFanaticService

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Users\Public\Desktop\eBay.lnk

File Found : C:\Windows\System32\roboot64.exe

File Found : C:\Windows\System32\Tasks\BrowserProtect

File Found : C:\Windows\System32\Tasks\DSite

File Found : C:\Windows\Tasks\DSite.job

Folder Found : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf

Folder Found : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog

Folder Found C:\Program Files (x86)\Ask.com

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\MyPC Backup

Folder Found C:\Program Files (x86)\MyPC Backup 

Folder Found C:\Program Files (x86)\optimizer pro

Folder Found C:\Program Files (x86)\PricePeep

Folder Found C:\Program Files (x86)\RadioHoops

Folder Found C:\Program Files (x86)\SearchProtect

Folder Found C:\Program Files (x86)\Supreme Savings

Folder Found C:\Program Files (x86)\TelevisionFanatic

Folder Found C:\Program Files (x86)\tuguu sl

Folder Found C:\Program Files (x86)\WinZip Registry Optimizer

Folder Found C:\Program Files\DomaIQ Uninstaller

Folder Found C:\ProgramData\Ask

Folder Found C:\ProgramData\Babylon

Folder Found C:\ProgramData\BrowserProtect

Folder Found C:\ProgramData\IBUpdaterService

Folder Found C:\ProgramData\Tarma Installer

Folder Found C:\SearchProtect

Folder Found C:\Users\Allyssa\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Allyssa\AppData\Roaming\SearchProtect

Folder Found C:\Users\Laura\AppData\Local\Conduit

Folder Found C:\Users\Laura\AppData\Local\getsavin

Folder Found C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

Folder Found C:\Users\Laura\AppData\Local\PerformerSoft

Folder Found C:\Users\Laura\AppData\Local\Supreme Savings

Folder Found C:\Users\Laura\AppData\Local\TelevisionFanatic

Folder Found C:\Users\Laura\AppData\LocalLow\BabylonToolbar

Folder Found C:\Users\Laura\AppData\LocalLow\Conduit

Folder Found C:\Users\Laura\AppData\LocalLow\delta

Folder Found C:\Users\Laura\AppData\LocalLow\PriceGong

Folder Found C:\Users\Laura\AppData\LocalLow\RadioHoops

Folder Found C:\Users\Laura\AppData\LocalLow\TelevisionFanatic

Folder Found C:\Users\Laura\AppData\Roaming\Babylon

Folder Found C:\Users\Laura\AppData\Roaming\Conduit

Folder Found C:\Users\Laura\AppData\Roaming\DefaultTab

Folder Found C:\Users\Laura\AppData\Roaming\DriverCure

Folder Found C:\Users\Laura\AppData\Roaming\DSite

Folder Found C:\Users\Laura\AppData\Roaming\file scout

Folder Found C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

Folder Found C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\mgubdujx.default\Smartbar

Folder Found C:\Users\Laura\AppData\Roaming\PerformerSoft

Folder Found C:\Users\Laura\AppData\Roaming\SearchProtect

Folder Found C:\Users\Laura\AppData\Roaming\SpeedAnalysis2

Folder Found C:\Users\Laura\AppData\Roaming\Systweak

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\I Want This

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\RadioHoops

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Software\Supreme Savings

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\BabSolution

Key Found : HKCU\Software\BabylonToolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\DefaultTab

Key Found : HKCU\Software\delta LTD

Key Found : HKCU\Software\distromatic

Key Found : HKCU\Software\dsiteproducts

Key Found : HKCU\Software\e53dfd1b66abd41

Key Found : HKCU\Software\filescout

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C3110F6-A2E6-4B6F-9516-6DC345E1F7EF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111991162}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C064CFF-2112-4120-ABB2-D50D7464D330}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C3110F6-A2E6-4B6F-9516-6DC345E1F7EF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111991162}


 

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v

[ File : C:\Users\Allyssa\AppData\Roaming\Mozilla\Firefox\Profiles\uhrcrb1q.default\prefs.js ]

Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-[...]

Line Found : user_pref("browser.search.selectedEngine", "Ask.com");

Line Found : user_pref("browser.search.order.1", "Ask.com");

Line Found : user_pref("browser.search.defaultengine", "Ask.com");

Line Found : user_pref("browser.search.defaultenginename", "Ask.com");

Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

Line Found : user_pref("extensions.crossriderapp19962.adsOldValue", -1);

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Allyssa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [22246 octets] - [30/08/2013 12:24:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22307 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.5.5 (08.28.2013:1)

OS: Windows 7 Home Premium x64

Ran by Laura on Fri 08/30/2013 at 18:01:56.11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1449767166-2851449438-3801735097-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys


~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho83BA.tmp

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"

Successfully deleted: [Folder] "C:\Users\Laura\AppData\Roaming\searchprotect"

Successfully deleted: [Folder] "C:\Users\Laura\AppData\Roaming\speedypc software"

Successfully deleted: [Folder] "C:\Users\Laura\AppData\Roaming\strongvault"

Successfully deleted: [Folder] "C:\Users\Laura\appdata\local\strongvault"

Failed to delete: [Folder] "C:\Users\Laura\appdata\local\strongvault online backup"

Successfully deleted: [Folder] "C:\Users\Laura\appdata\local\toparcadehits"

Successfully deleted: [Folder] "C:\Users\Laura\appdata\local\updater19962"

Failed to delete: [Folder] "C:\Program Files (x86)\strongvault online backup"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\strongvault online backup"

Successfully deleted: [Folder] "C:\ai_recyclebin"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

Successfully deleted: [Empty Folder] C:\Users\Laura\appdata\local\{167161DD-8E58-4D97-8E76-78A86D597BAD}

Successfully deleted: [Empty Folder] C:\Users\Laura\appdata\local\{5AEA5517-E20C-4C2B-9FC4-D8948F3F85AA}

Successfully deleted: [Empty Folder] C:\Users\Laura\appdata\local\{867F3C3D-8DCE-4417-B1D7-844E332D70AA}

Successfully deleted: [Empty Folder] C:\Users\Laura\appdata\local\{EF65B1F8-801B-47B0-B2BB-CBD31DFB5F8B}

Successfully deleted: [Empty Folder] C:\Users\Laura\appdata\local\{EF71F65D-CB4A-41B9-89A9-B0405A8C350B}

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 08/30/2013 at 18:17:02.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My browser speed has seemed to pick itself up and lately I have been having problems with my modem resetting itself usually about 7-10 times a day, but it hasn't happened since yesterday. I'm guessing I should remove selected, and it will make everything even better?


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.30.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Laura :: LAURA-PC [administrator]
 
8/30/2013 6:35:47 PM
MBAM-log-2013-08-30 (18-46-31).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243205
Time elapsed: 8 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data:  -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\Laura\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\Laura\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> No action taken.
 
Files Detected: 40
 
(end)

Did you read my instructions??????

 

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.
 
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
 
Make sure that everything is checked, and click Remove Selected.
 
Please let me know how the computer is running now, MrC
 

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

GFI Software VIPRE   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 Google Chrome 28.0.1500.95  

 Google Chrome 29.0.1547.57  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 3% 

````````````````````End of Log`````````````````````` 

Perfect......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
