Hijacked browser

cooldragon · September 10, 2013

I was working with converting .pdf files to ePUB and had this nasty slither down the wires. It's called Holasearch.com and no matter what I do it remains. How do I get rid of it, please?

John

gringo_pr · September 10, 2013

Hello cooldragon

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

cooldragon · September 10, 2013

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 01

Ran by John at 2013-09-10 17:56:21

Running from C:\Documents and Settings\John\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.7.0.1530)

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)

Amazon Kindle

Apple Application Support (Version: 2.3)

Apple Software Update (Version: 2.1.3.127)

Avanquest update (Version: 1.05)

Avira Free Antivirus (Version: 13.0.0.4052)

Belarc Advisor 8.3 (Version: 8.3.2.0)

Big Fish: Game Manager (Version: 3.2.0.6)

BrowserDefender

Convert PDF to EPUB 1.6.8 (Version: 1.6.8)

Corel PaintShop Pro X5 (Version: 15.0.0.183)

Corel PaintShop Pro X5 (Version: 15.2.0.12)

Coupon Printer for Windows (Version: 5.0.0.0)

CrazyTalk Cam Suite PRO (Version: 3.0)

Dark Manor: A Hidden Object Mystery

DefaultTab (Version: 2.2.8.0)

DefaultTab Chrome (Version: 1.1.25)

Doom 3 (Version: 1.00.0000)

Dropbox (HKCU Version: 2.0.8)

Dropsend Direct beta version 4.0.3 (Version: 4.0.3)

Duke Nukem - Manhattan Project

Echoes of the Past: The Kingdom of Despair Collector's Edition

Eye 312 (Version: 1.0.0.14)

Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

Fearful Tales: Hansel and Gretel Collector's Edition

Final Cut: Encore Collector's Edition

FinePixViewer Ver.4.2

Free Mp3 Wma Converter V 2.2 (Version: 2.2.0.0)

FUJIFILM MyFinePix Studio 1.0

FUJIFILM USB Driver

GIMP 2.8.6 (Version: 2.8.6)

Google Chrome (HKCU Version: 29.0.1547.66)

Google Drive (Version: 1.11.4865.2530)

Google Earth (Version: 7.1.1.1888)

Google Talk Plugin (Version: 4.5.3.14917)

Google Update Helper (Version: 1.3.21.153)

Grim Tales: Bloody Mary Collector's Edition

Haunted Legends: The Bronze Horseman

HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)

HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)

HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)

HP Photo Creations (Version: 1.0.0.3781)

HP Update (Version: 5.002.006.003)

HPDiagnosticAlert (Version: 1.00.0000)

ICA (Version: 15.0.0.183)

ImageMixer VCD2 for FinePix

IPM_PSP_COM (Version: 15.0.0.183)

Jasc Paint Shop Pro 8 (Version: 8.00.0000)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

jZip

lucky leap 3.0.0 (Version: 3.0.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

McAfee Security Scan Plus (Version: 3.0.318.3)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Publisher 2000 SR-1 (Version: 9.00.3821)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MicroStaff WINASPI

Motor Town: Soul of the Machine

Motorola Phone Tools (Version: 4.1 12-9-2005)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition

Nearwood Collector's Edition

Nightmares from the Deep: The Siren's Call Collector's Edition

NVIDIA Control Panel 307.83 (Version: 307.83)

NVIDIA Display Control Panel (Version: 6.14.11.9713)

NVIDIA Drivers (Version: 1.10.57.35)

NVIDIA Graphics Driver 307.83 (Version: 307.83)

NVIDIA Install Application (Version: 2.1002.109.706)

NVIDIA nView 136.53 (Version: 136.53)

NVIDIA nView Desktop Manager (Version: 6.14.10.00)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

Ocean Express

Paint Shop Pro 6 Digital Camera Support

Paint Shop Pro 6.0 (CD-ROM)

PDF to ePub Converter 3.0.6

Personal Ancestral File 5

Phenomenon: Meteorite

PhotoFiltre

PSPPContent (Version: 15.2.0.12)

PSPPHelp (Version: 15.0.0.183)

Quake 4 (Version: 1.0)

QuickTime (Version: 7.73.80.64)

RAW FILE CONVERTER LE

Realtek High Definition Audio Driver (Version: 5.10.0.6438)

Safari (Version: 5.34.57.2)

Segoe UI (Version: 14.0.4327.805)

Setup (Version: 15.0.0.183)

Skype Click to Call (Version: 6.11.13348)

Skype™ 6.6 (Version: 6.6.106)

SugarSync (Version: 2.0.27.114357)

SumatraPDF 2.3.2 (Version: 2.3.2)

swMSM (Version: 12.0.0.1)

The Chronicles of Riddick - Assault on Dark Athena

Total Immersion D'Fusion Web Plugin

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2863058) (Version: 1)

Update for Windows XP (KB898461) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB961503) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

Vacation Quest: Australia

VLC media player 2.0.5 (Version: 2.0.5)

WebFldrs XP (Version: 9.50.6513)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Live Call (Version: 14.0.8117.0416)

Windows Live Communications Platform (Version: 14.0.8117.416)

Windows Live Essentials (Version: 14.0.8117.0416)

Windows Live Essentials (Version: 14.0.8117.416)

Windows Live Messenger (Version: 14.0.8117.0416)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3 (Version: 20080414.031525)

World Clock 2001

==================== Restore Points =========================

12-06-2013 20:00:38 Software Distribution Service 3.0

13-06-2013 22:04:04 System Checkpoint

15-06-2013 00:55:31 System Checkpoint

16-06-2013 05:19:54 System Checkpoint

17-06-2013 22:19:08 System Checkpoint

19-06-2013 00:25:33 System Checkpoint

20-06-2013 03:35:42 System Checkpoint

20-06-2013 07:37:12 Installed Driver Manager.

20-06-2013 20:18:17 Removed Driver Manager.

20-06-2013 20:19:25 Installed Java 7 Update 25

22-06-2013 01:10:39 System Checkpoint

24-06-2013 01:14:21 System Checkpoint

25-06-2013 03:28:51 System Checkpoint

27-06-2013 01:12:10 System Checkpoint

28-06-2013 02:53:47 System Checkpoint

28-06-2013 07:21:09 Removed FishEye

29-06-2013 22:12:09 System Checkpoint

01-07-2013 21:49:21 System Checkpoint

02-07-2013 06:23:05 Installed Jasc Paint Shop Pro 8

03-07-2013 14:13:54 System Checkpoint

05-07-2013 03:44:07 System Checkpoint

06-07-2013 21:24:45 System Checkpoint

08-07-2013 20:41:44 System Checkpoint

09-07-2013 20:51:15 System Checkpoint

10-07-2013 20:00:29 Software Distribution Service 3.0

11-07-2013 21:25:10 System Checkpoint

12-07-2013 12:17:39 Software Distribution Service 3.0

13-07-2013 21:22:22 System Checkpoint

14-07-2013 22:01:32 System Checkpoint

15-07-2013 23:19:18 System Checkpoint

17-07-2013 00:11:20 Installed Driver Manager.

17-07-2013 00:14:44 Removed Driver Manager.

18-07-2013 00:51:19 System Checkpoint

19-07-2013 21:35:30 System Checkpoint

21-07-2013 00:07:47 System Checkpoint

22-07-2013 01:58:35 System Checkpoint

23-07-2013 07:24:37 System Checkpoint

24-07-2013 21:24:30 System Checkpoint

25-07-2013 21:34:00 System Checkpoint

27-07-2013 06:11:50 System Checkpoint

28-07-2013 21:51:22 System Checkpoint

29-07-2013 22:49:18 System Checkpoint

30-07-2013 23:08:47 System Checkpoint

01-08-2013 05:11:22 System Checkpoint

02-08-2013 00:31:28 Removed HP Deskjet 1050 J410 series Basic Device Software

02-08-2013 00:32:04 Removed HP Deskjet 1050 J410 series Basic Device Software

02-08-2013 00:32:39 Removed HP Deskjet 1050 J410 series Help

02-08-2013 00:33:05 Removed HP Deskjet 1050 J410 series Product Improvement Study

02-08-2013 00:33:48 Removed HP Update.

02-08-2013 20:00:18 Software Distribution Service 3.0

03-08-2013 22:00:13 System Checkpoint

04-08-2013 22:40:49 System Checkpoint

05-08-2013 22:52:37 System Checkpoint

06-08-2013 23:24:58 System Checkpoint

08-08-2013 04:56:19 System Checkpoint

09-08-2013 05:37:56 System Checkpoint

10-08-2013 21:03:30 System Checkpoint

11-08-2013 21:19:49 System Checkpoint

12-08-2013 21:32:01 System Checkpoint

13-08-2013 22:38:25 System Checkpoint

14-08-2013 11:33:24 Software Distribution Service 3.0

15-08-2013 23:37:00 Restore Operation

16-08-2013 02:31:35 Software Distribution Service 3.0

17-08-2013 20:37:01 System Checkpoint

18-08-2013 21:21:10 System Checkpoint

19-08-2013 21:38:37 System Checkpoint

21-08-2013 08:12:01 System Checkpoint

22-08-2013 22:13:27 System Checkpoint

24-08-2013 00:17:35 Installed DirectX

25-08-2013 03:49:21 System Checkpoint

26-08-2013 21:37:06 System Checkpoint

27-08-2013 23:04:35 System Checkpoint

28-08-2013 06:44:23 Software Distribution Service 3.0

29-08-2013 20:45:47 System Checkpoint

30-08-2013 23:17:56 System Checkpoint

01-09-2013 01:57:59 System Checkpoint

02-09-2013 04:28:00 System Checkpoint

03-09-2013 04:58:56 System Checkpoint

04-09-2013 05:40:13 System Checkpoint

04-09-2013 21:32:02 Installed DirectX

05-09-2013 22:32:31 System Checkpoint

07-09-2013 01:05:27 System Checkpoint

08-09-2013 02:01:17 System Checkpoint

09-09-2013 02:48:50 System Checkpoint

10-09-2013 00:22:44 Installed Convert PDF to EPUB 1.6.8.

==================== Hosts content: ==========================

2003-04-01 00:00 - 2013-04-24 12:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\John\APPLIC~1\BABSOL~1\Shared\BabMaint.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job => C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job => C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job => C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job => C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2003-04-01 00:00 - 2009-02-27 16:56 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime

2013-04-25 05:59 - 2013-04-25 05:59 - 00130736 _____ (Dropbox, Inc.) C:\Documents and Settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

2013-06-18 09:53 - 2013-01-30 13:12 - 00159488 _____ (EldoS Corporation) C:\WINDOWS\system32\SSCbFsMntNtf3.dll

2013-06-18 09:53 - 2013-01-30 13:12 - 00225024 _____ (EldoS Corporation) C:\WINDOWS\system32\SSCbFsNetRdr3.dll

2013-06-06 07:22 - 2013-06-27 05:22 - 02090848 _____ (SugarSync, Inc.) C:\Program Files\SugarSync\SugarSyncShellExt.dll

2011-11-02 17:58 - 2010-12-30 15:32 - 00616960 _____ () C:\Program Files\Dropsend Direct beta\shellExt.dll

2012-02-12 10:32 - 2011-12-18 08:38 - 00548752 _____ (Bandoo media inc) C:\Program Files\jZip\jZipShell.dll

2013-01-09 12:16 - 2013-01-09 12:16 - 00085320 _____ (Corel Software, Inc.) c:\Program Files\Corel\Corel PaintShop Pro X5\PSPContextMenu.dll

2011-09-16 13:38 - 2009-03-17 05:00 - 00272384 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM9X.DLL

2013-08-02 12:38 - 2010-11-17 11:55 - 00267112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpinksts8911LM.dll

2001-11-16 05:00 - 2001-11-16 05:00 - 00114744 _____ (HP) C:\WINDOWS\system32\hpzlnt04.dll

2011-09-18 08:02 - 2008-07-07 00:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll

2011-09-16 12:56 - 2006-10-26 19:56 - 00033104 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll

2011-09-18 08:02 - 2008-07-07 00:06 - 00744960 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL

2013-02-25 09:49 - 2013-02-25 09:44 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

2010-03-16 03:37 - 2013-01-31 21:02 - 00108832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvMCTray.dll

2011-09-13 12:40 - 2013-02-08 05:02 - 02389504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi.dll

2012-04-14 03:44 - 2012-04-14 03:44 - 02512896 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtCore4.dll

2012-04-14 04:00 - 2012-04-14 04:00 - 08351744 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtGui4.dll

2012-04-14 03:51 - 2012-04-14 03:51 - 01778688 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtNetwork4.dll

2012-04-14 05:48 - 2012-04-14 05:48 - 13110784 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtWebKit4.dll

2012-04-14 03:44 - 2012-04-14 03:44 - 00355840 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtXml4.dll

2012-04-14 04:11 - 2012-04-14 04:11 - 01341440 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\QtScript4.dll

2012-04-14 05:50 - 2012-04-14 05:50 - 00026624 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qgif4.dll

2012-04-14 05:51 - 2012-04-14 05:51 - 00028672 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qico4.dll

2012-04-14 05:50 - 2012-04-14 05:50 - 00201216 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\SugarSync\imageformats\qjpeg4.dll

2013-02-25 09:49 - 2013-06-27 20:23 - 00154112 _____ (Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\apcfile.dll

2013-02-25 09:49 - 2013-02-25 09:46 - 00257536 _____ (The cURL library, http://curl.haxx.se/) C:\Program Files\Avira\AntiVir Desktop\libcurl.dll

2013-08-02 12:38 - 2010-11-17 11:55 - 01792872 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanMiniDrv_DJ1050_J410.dll

2013-09-06 09:02 - 2013-09-10 07:43 - 00014112 _____ (lucky leap) C:\Program Files\lucky leap\luckyleap.Common.dll

2013-09-10 12:23 - 2013-08-31 01:03 - 02699232 _____ () C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll

2013-09-04 18:02 - 2013-09-03 08:34 - 47074256 _____ (Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\chrome.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 09962960 _____ (The ICU Project) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\icudt.dll

2003-04-01 00:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2003-04-01 00:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 04053456 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 00410576 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 02110928 _____ (Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 01604560 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll

2013-09-04 18:02 - 2013-09-03 08:35 - 13599184 _____ () C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:120E44A4

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A15E356

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1A259A13

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1EC13383

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2636DE16

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:398D2775

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3ADE134E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3B71586E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:401CAF8F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4B6A9FDA

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5008417E

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:58B3FE52

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:69F562A6

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:6EE8565A

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7D938C9B

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7FA0D639

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:88FB7F72

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8A620099

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A391510C

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A7C40691

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8369371

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A9223B61

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A9F13D2D

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B33464A5

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B602AC45

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B9F8237A

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BCFEA004

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF1E0621

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C0D23A2F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C370B84F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C5340FA1

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C8E3A625

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB5AA1E6

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CBAF0C30

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E4272706

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E4FD113F

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:EDF12A30

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F1174C93

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/09/2013 09:45:47 PM) (Source: Application Error) (User: )

Description: Faulting application bfgclient.exe, version 3.2.0.6, faulting module bfgclient.exe, version 3.2.0.6, fault address 0x001ee3bb.

Processing media-specific event for [bfgclient.exe!ws!]

Error: (09/08/2013 00:10:06 PM) (Source: Application Error) (User: )

Description: Faulting application chrome.exe, version 29.0.1547.66, faulting module chrome.dll, version 29.0.1547.66, fault address 0x0067d20c.

Processing media-specific event for [chrome.exe!ws!]

Error: (09/06/2013 08:48:06 PM) (Source: Application Error) (User: )

Description: Faulting application bfgclient.exe, version 3.2.0.6, faulting module bfgclient.exe, version 3.2.0.6, fault address 0x001ee3bb.

Processing media-specific event for [bfgclient.exe!ws!]

Error: (09/06/2013 08:14:25 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 04:18:21 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 04:18:14 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 00:15:36 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 00:15:33 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2013 00:14:16 PM) (Source: Application Hang) (User: )

Description: Fault bucket 1180947459.

Error: (09/06/2013 00:14:07 PM) (Source: Application Hang) (User: )

Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:

=============

Error: (09/07/2013 00:39:41 PM) (Source: Service Control Manager) (User: )

Description: The Update lucky leap service failed to start due to the following error:

%%1053

Error: (09/07/2013 00:39:41 PM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Update lucky leap service to connect.

Error: (09/07/2013 07:25:11 AM) (Source: Service Control Manager) (User: )

Description: The Update lucky leap service failed to start due to the following error:

%%1053

Error: (09/07/2013 07:25:11 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Update lucky leap service to connect.

Error: (09/02/2013 07:35:14 AM) (Source: Print) (User: NT AUTHORITY)

Description: Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.

Error: (08/28/2013 02:26:07 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register with DCOM within the required timeout.

Error: (08/26/2013 07:40:36 AM) (Source: Service Control Manager) (User: )

Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:

%%1053

Error: (08/26/2013 07:40:36 AM) (Source: Service Control Manager) (User: )

Description: Timeout (30000 milliseconds) waiting for the Computer Backup (MyPC Backup) service to connect.

Microsoft Office Sessions:

=========================

Error: (01/25/2012 07:43:28 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2140 seconds with 960 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 26%

Total physical RAM: 3519.48 MB

Available physical RAM: 2587.17 MB

Total Pagefile: 5402.66 MB

Available Pagefile: 4419.91 MB

Total Virtual: 2047.88 MB

Available Virtual: 1938.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:384.75 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (QUAKE4) (CDROM) (Total:2.7 GB) (Free:0 GB) UDF

Drive e: () (Fixed) (Total:149.01 GB) (Free:85.58 GB) FAT32

Drive s: (SugarSync Drive) (Fixed) (Total:5.75 GB) (Free:5.36 GB) FAT32

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 83FA83FA)

Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 149 GB) (Disk ID: D066BE06)

Partition 1: (Active) - (Size=149 GB) - (Type=0C)

==================== End Of Log ====

cooldragon · September 10, 2013

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01

Ran by John (administrator) on JOHNSPC on 10-09-2013 17:53:39

Running from C:\Documents and Settings\John\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

(SugarSync, Inc.) C:\Program Files\SugarSync\SugarSync.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

() C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(lucky leap) C:\Program Files\lucky leap\updateluckyleap.exe

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

() C:\Program Files\DefaultTab\DefaultTabSearch.exe

() C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe

(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe

(Google Inc.) C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20055144 2011-08-09] (Realtek Semiconductor Corp.)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)

HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [FolderTransfer] - C:\Program Files\FolderTransfer\FolderTransfer.exe h

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()

HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-16] (HP)

HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM\...\Run: [] - [x]

HKLM\...\Policies\Explorer: [NoDrives] 0

HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)

HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2013-05-11] (Facebook Inc.)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-06-20] (Google Inc.)

HKCU\...\Run: [sugarSync] - C:\Program Files\SugarSync\SugarSync.exe [12419424 2013-06-27] (SugarSync, Inc.)

HKCU\...\Run: [updateMyDrivers] - C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss

HKCU\...\Policies\Explorer: [NoDrives] 0

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\John\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Avenger\MyPC Backup.exe (No File)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\World Clock 2001.LNK

ShortcutTarget: World Clock 2001.LNK -> C:\Program Files\Zada Solutions\World Clock\zsWldClk.exe (Zada Solutions)

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.nz/

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.holasearch.com/?babsrc=HP_ss&mntrId=E4E600241D0677A4&affID=121962&tsp=5001

SearchScopes: HKLM - DefaultScope {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^nz&si=UTDO_AUS_CAN&ptb=99D2B3C5-4C81-4707-91C3-0158152FB565&ind=2013063022&n=77fce76e&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKLM - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}

SearchScopes: HKLM - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^nz&si=UTDO_AUS_CAN&ptb=99D2B3C5-4C81-4707-91C3-0158152FB565&ind=2013063022&n=77fce76e&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.holasearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E4E600241D0677A4&affID=121962&tsp=5001

SearchScopes: HKCU - {56F49C0F-5D79-4DDD-B856-8BAAF9D15832} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZO^xdm038^YYA^nz&si=UTDO_AUS_CAN&ptb=99D2B3C5-4C81-4707-91C3-0158152FB565&ind=2013063022&n=77fce76e&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} URL =

SearchScopes: HKCU - {D7ECBE8E-69D9-4328-BDBE-1E2B614A086B} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: lucky leap - {d77aa852-def3-43cb-a3f5-bd679de72f32} - C:\Program Files\lucky leap\luckyleapbho.dll (luckyleap)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315876675244

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.ologyworld.com/AR/plugin/DFusionHomeWebPlugIn.Installer.exe

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:

=======

CHR Extension: (lucky leap) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj\1.0.0_0

CHR Extension: (DefaultTab) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.27_0

CHR Extension: (Skype Click to Call) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0

CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\John\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR HKLM\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files\FTDownloader.com\FTDownloader10.crx

CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx

CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)

R2 BrowserDefendert; C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.221\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838496 2013-08-31] ()

R2 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-09-10] ()

R2 DefaultTabUpdate; C:\Documents and Settings\John\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-09-06] ()

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-06] (McAfee, Inc.)

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)

R2 Update lucky leap; C:\Program Files\lucky leap\updateluckyleap.exe [206624 2013-08-30] (lucky leap)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-06] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-06] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)

R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()

R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [37560 2008-09-20] ()

R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)

R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)

R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)

S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)

R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)

R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-25] (Avira GmbH)

S3 usbsermpt; C:\Windows\System32\DRIVERS\usbsermpt.sys [22768 2012-10-08] (Microsoft Corporation)

S4 IntelIde; No ImagePath

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-10 17:52 - 2013-09-10 17:53 - 01082349 _____ (Farbar) C:\Documents and Settings\John\Desktop\FRST.exe

2013-09-10 12:26 - 2013-09-10 12:26 - 00000000 ____D C:\Documents and Settings\John\Application Data\calibre

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\My Documents\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\avgchrome

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\Anicesoft

2013-09-10 12:23 - 2013-09-10 15:13 - 00002507 _____ C:\Documents and Settings\All Users\Desktop\Convert PDF to EPUB.lnk

2013-09-10 12:23 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\PerformerSoft

2013-09-10 12:23 - 2013-09-10 12:23 - 00000262 _____ C:\WINDOWS\Tasks\EPUpdater.job

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\searchplugins

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\Extensions

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBUpdaterService

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BrowserDefender

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Program Files\AniceSoft

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\John\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon

2013-09-10 12:15 - 2013-09-10 12:22 - 54048177 _____ C:\Documents and Settings\John\Desktop\convert-pdf-to-epub.zip

2013-09-10 12:14 - 2013-09-10 12:14 - 00392024 _____ (Softonic ) C:\Program Files\SoftonicDownloader_for_convert-pdf-to-epub.exe

2013-09-10 12:05 - 2013-09-10 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU

2013-09-10 12:04 - 2013-09-10 12:08 - 00000000 ____D C:\Program Files\Common Files\AVSMedia

2013-09-10 12:04 - 2013-09-10 12:08 - 00000000 ____D C:\Program Files\AVS4YOU

2013-09-10 12:04 - 2010-07-21 14:31 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll

2013-09-10 12:02 - 2013-09-10 12:04 - 30433416 _____ (Online Media Technologies Ltd. ) C:\Program Files\AVSDocumentConverter.exe

2013-09-10 07:46 - 2013-09-10 13:46 - 96851172 _____ C:\WINDOWS\system32\匢L

2013-09-09 18:34 - 2013-09-09 18:34 - 00187901 _____ C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever.htm

2013-09-09 18:34 - 2013-09-09 18:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever_files

2013-09-06 20:23 - 2013-09-06 20:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\Big Fish Games

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Program Files\Dropbox

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\Dropbox

2013-09-06 10:39 - 2013-09-06 10:39 - 20059524 _____ C:\Documents and Settings\John\My Documents\BC9_11 hires 9.epub

2013-09-06 09:02 - 2013-09-10 09:03 - 00000000 ____D C:\Program Files\DefaultTab

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\PDF to ePub Converter

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\lucky leap

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\John\Application Data\DefaultTab

2013-09-05 09:31 - 2013-09-05 09:31 - 00002088 _____ C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Escape from Ravenhearst Collector's Edition.lnk

2013-09-05 09:29 - 2013-09-05 09:32 - 00000000 ____D C:\Program Files\Mystery Case Files - Escape from Ravenhearst Collector's Edition

2013-09-01 22:12 - 2013-09-01 22:12 - 00000000 ____D C:\Documents and Settings\John\Desktop\Self publishing

2013-09-01 21:42 - 2013-09-01 21:42 - 00000734 _____ C:\Documents and Settings\John\Desktop\GIMP 2.lnk

2013-09-01 21:40 - 2013-09-01 21:40 - 00001496 _____ C:\Documents and Settings\John\Local Settings\Application Data\recently-used.xbel

2013-09-01 21:38 - 2013-09-01 21:40 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gtk-2.0

2013-09-01 21:38 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\.thumbnails

2013-09-01 21:36 - 2013-09-01 21:43 - 00000000 ____D C:\Documents and Settings\John\.gimp-2.8

2013-09-01 21:35 - 2013-09-01 21:35 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gegl-0.2

2013-09-01 21:32 - 2013-09-01 21:35 - 00000000 ____D C:\Program Files\GIMP 2

2013-09-01 21:26 - 2013-09-01 21:31 - 90139696 _____ (The GIMP Team ) C:\Program Files\gimp-2.8.6-setup.exe

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Program Files\FramePhotoEditor

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\FramePhotoEditor

2013-09-01 11:53 - 2013-09-01 11:53 - 00003398 _____ C:\Documents and Settings\John\Desktop\Cauliflower Fritters Recipe - Taste.com.au.url

2013-09-01 08:04 - 2013-09-01 08:05 - 00000000 ____D C:\Program Files\Fearful Tales - Hansel and Gretel Collectors Edition

2013-08-31 13:35 - 2013-08-31 13:35 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Hesp

2013-08-31 13:32 - 2013-08-31 13:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Bruce

2013-08-28 18:44 - 2013-08-28 18:44 - 00005602 _____ C:\WINDOWS\KB2834904-v2.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-08-27 08:20 - 2013-08-28 07:06 - 00000000 ____D C:\Avenger

2013-08-25 10:50 - 2013-08-25 10:50 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup

2013-08-25 10:47 - 2013-08-25 10:56 - 00000000 ____D C:\Documents and Settings\John\Application Data\Systweak

2013-08-25 10:47 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\WINDOWS\system32\roboot.exe

2013-08-24 23:21 - 2013-08-24 23:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\DarkManor

2013-08-24 12:15 - 2013-08-24 23:22 - 00000000 ____D C:\Program Files\Dark Manor - A Hidden Object Mystery

2013-08-24 07:45 - 2013-08-24 07:45 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache

2013-08-19 16:52 - 2013-08-19 16:56 - 00000000 ____D C:\Program Files\Phenomenon - Meteorite

2013-08-19 15:46 - 2013-08-19 15:47 - 00000000 ____D C:\Program Files\Grim Tales - Bloody Mary Collectors Edition

2013-08-19 10:12 - 2013-08-19 10:12 - 00000995 _____ C:\Documents and Settings\John\Desktop\SpiffoSpeaks • Retired Greyhounds Adopted by Famous-Infamous People.url

2013-08-17 10:49 - 2013-08-17 10:49 - 00000000 ____D C:\Program Files\Echoes of the Past - The Kingdom of Despair Collectors Edition

2013-08-16 07:12 - 2013-08-16 07:12 - 00090112 _____ C:\WINDOWS\Minidump\Mini081613-01.dmp

2013-08-15 11:56 - 2013-08-16 11:37 - 00000000 ____D C:\Program Files\Clockwork Tales - Of Glass and Ink Collector's Edition

2013-08-14 23:50 - 2013-08-16 14:52 - 00025741 _____ C:\WINDOWS\KB2862772-IE8.log

2013-08-14 23:37 - 2013-08-16 14:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-08-14 23:37 - 2013-08-16 14:35 - 00010654 _____ C:\WINDOWS\KB2863058.log

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-08-14 23:37 - 2013-08-16 14:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-08-14 08:04 - 2013-08-16 14:36 - 00018703 _____ C:\WINDOWS\KB2850869.log

2013-08-14 08:04 - 2013-08-16 14:35 - 00021163 _____ C:\WINDOWS\KB2859537.log

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\WarThunder

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WarThunder

2013-08-11 16:22 - 2013-08-11 16:24 - 00000000 ____D C:\Program Files\Haunted Legends - The Bronze Horseman

2013-08-11 15:11 - 2013-08-11 15:13 - 00000000 ____D C:\Program Files\Nightmares from the Deep - The Siren's Call Collector's Edition

2013-08-11 09:35 - 2013-08-11 09:35 - 00000000 ____D C:\Documents and Settings\John\My Documents\Nearwood CE

2013-08-11 08:48 - 2013-08-11 08:49 - 00000000 ____D C:\Program Files\Nearwood Collector's Edition

==================== One Month Modified Files and Folders =======

2013-09-10 17:53 - 2013-09-10 17:53 - 00000000 ____D C:\FRST

2013-09-10 17:53 - 2013-09-10 17:52 - 01082349 _____ (Farbar) C:\Documents and Settings\John\Desktop\FRST.exe

2013-09-10 17:07 - 2011-10-02 21:21 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-10 16:58 - 2013-04-27 17:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-09-10 16:57 - 2012-06-20 08:21 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

2013-09-10 15:41 - 2011-09-13 12:16 - 02057175 _____ C:\WINDOWS\WindowsUpdate.log

2013-09-10 15:31 - 2013-05-11 18:26 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

2013-09-10 15:13 - 2013-09-10 12:23 - 00002507 _____ C:\Documents and Settings\All Users\Desktop\Convert PDF to EPUB.lnk

2013-09-10 14:57 - 2012-06-20 08:21 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

2013-09-10 14:00 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At4.job

2013-09-10 13:46 - 2013-09-10 07:46 - 96851172 _____ C:\WINDOWS\system32\匢L

2013-09-10 12:38 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At3.job

2013-09-10 12:26 - 2013-09-10 12:26 - 00000000 ____D C:\Documents and Settings\John\Application Data\calibre

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\My Documents\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\avgchrome

2013-09-10 12:25 - 2013-09-10 12:25 - 00000000 ____D C:\Documents and Settings\John\Application Data\Anicesoft

2013-09-10 12:25 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\PerformerSoft

2013-09-10 12:23 - 2013-09-10 12:23 - 00000262 _____ C:\WINDOWS\Tasks\EPUpdater.job

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\searchplugins

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\WINDOWS\system32\Extensions

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBUpdaterService

2013-09-10 12:23 - 2013-09-10 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BrowserDefender

2013-09-10 12:23 - 2013-04-27 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Program Files\AniceSoft

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\John\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Babylon

2013-09-10 12:22 - 2013-09-10 12:15 - 54048177 _____ C:\Documents and Settings\John\Desktop\convert-pdf-to-epub.zip

2013-09-10 12:14 - 2013-09-10 12:14 - 00392024 _____ (Softonic ) C:\Program Files\SoftonicDownloader_for_convert-pdf-to-epub.exe

2013-09-10 12:08 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\Common Files\AVSMedia

2013-09-10 12:08 - 2013-09-10 12:04 - 00000000 ____D C:\Program Files\AVS4YOU

2013-09-10 12:05 - 2013-09-10 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU

2013-09-10 12:04 - 2013-09-10 12:02 - 30433416 _____ (Online Media Technologies Ltd. ) C:\Program Files\AVSDocumentConverter.exe

2013-09-10 10:10 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At1.job

2013-09-10 09:12 - 2011-09-13 23:40 - 00000211 _____ C:\WINDOWS\wiadebug.log

2013-09-10 09:03 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\DefaultTab

2013-09-10 08:38 - 2011-09-17 06:43 - 00000000 ____D C:\Documents and Settings\John\Application Data\Skype

2013-09-10 08:07 - 2011-10-02 21:21 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-10 07:45 - 2012-10-07 17:47 - 00000000 ____D C:\Documents and Settings\John\Application Data\Dropbox

2013-09-10 07:43 - 2011-09-13 23:40 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-09-10 07:43 - 2011-09-13 11:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-09-10 07:43 - 2003-04-01 00:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl

2013-09-09 21:49 - 2011-09-13 11:56 - 00000178 ___SH C:\Documents and Settings\John\ntuser.ini

2013-09-09 21:49 - 2011-09-13 11:56 - 00000000 ____D C:\Documents and Settings\John

2013-09-09 21:49 - 2011-09-13 11:55 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt

2013-09-09 20:40 - 2013-08-02 12:38 - 00000464 _____ C:\WINDOWS\Tasks\At2.job

2013-09-09 18:34 - 2013-09-09 18:34 - 00187901 _____ C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever.htm

2013-09-09 18:34 - 2013-09-09 18:34 - 00000000 ____D C:\Documents and Settings\John\Desktop\Dropbox - Fast Friends Forever_files

2013-09-09 18:31 - 2013-05-11 18:26 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

2013-09-09 18:12 - 2011-09-16 13:27 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-09-06 20:23 - 2013-09-06 20:23 - 00000000 ____D C:\Documents and Settings\John\Application Data\Big Fish Games

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Program Files\Dropbox

2013-09-06 16:21 - 2013-09-06 16:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\Dropbox

2013-09-06 16:13 - 2013-06-15 21:41 - 00000000 ____D C:\Documents and Settings\John\Desktop\The kids 15.6.13

2013-09-06 10:39 - 2013-09-06 10:39 - 20059524 _____ C:\Documents and Settings\John\My Documents\BC9_11 hires 9.epub

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\PDF to ePub Converter

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Program Files\lucky leap

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

2013-09-06 09:02 - 2013-09-06 09:02 - 00000000 ____D C:\Documents and Settings\John\Application Data\DefaultTab

2013-09-06 08:04 - 2013-04-30 21:40 - 00000000 ____D C:\Documents and Settings\John\Desktop\John Tracie book

2013-09-06 07:22 - 2013-02-25 09:49 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

2013-09-06 07:22 - 2013-02-25 09:49 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2013-09-05 18:54 - 2011-09-13 23:38 - 00162579 _____ C:\WINDOWS\setupact.log

2013-09-05 09:32 - 2013-09-05 09:29 - 00000000 ____D C:\Program Files\Mystery Case Files - Escape from Ravenhearst Collector's Edition

2013-09-05 09:32 - 2013-03-14 21:17 - 00123136 _____ C:\WINDOWS\setupapi.log

2013-09-05 09:32 - 2011-09-13 11:51 - 00000000 ____D C:\WINDOWS\system32\DirectX

2013-09-05 09:31 - 2013-09-05 09:31 - 00002088 _____ C:\Documents and Settings\All Users\Desktop\Play Mystery Case Files - Escape from Ravenhearst Collector's Edition.lnk

2013-09-04 20:40 - 2013-05-01 12:50 - 00000000 ____D C:\Documents and Settings\John\Desktop\Poem of the Day May 2013

2013-09-02 20:59 - 2013-06-02 07:17 - 00000000 ____D C:\Documents and Settings\John\Desktop\Fast Friends Forever

2013-09-02 13:05 - 2011-09-16 12:59 - 00037888 _____ C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-09-01 22:17 - 2013-07-25 12:59 - 00000000 ____D C:\Documents and Settings\John\Desktop\New Folder

2013-09-01 22:12 - 2013-09-01 22:12 - 00000000 ____D C:\Documents and Settings\John\Desktop\Self publishing

2013-09-01 21:43 - 2013-09-01 21:36 - 00000000 ____D C:\Documents and Settings\John\.gimp-2.8

2013-09-01 21:42 - 2013-09-01 21:42 - 00000734 _____ C:\Documents and Settings\John\Desktop\GIMP 2.lnk

2013-09-01 21:40 - 2013-09-01 21:40 - 00001496 _____ C:\Documents and Settings\John\Local Settings\Application Data\recently-used.xbel

2013-09-01 21:40 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gtk-2.0

2013-09-01 21:38 - 2013-09-01 21:38 - 00000000 ____D C:\Documents and Settings\John\.thumbnails

2013-09-01 21:35 - 2013-09-01 21:35 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\gegl-0.2

2013-09-01 21:35 - 2013-09-01 21:32 - 00000000 ____D C:\Program Files\GIMP 2

2013-09-01 21:31 - 2013-09-01 21:26 - 90139696 _____ (The GIMP Team ) C:\Program Files\gimp-2.8.6-setup.exe

2013-09-01 21:23 - 2011-12-24 04:41 - 00000000 ____D C:\Program Files\Amazon

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Program Files\FramePhotoEditor

2013-09-01 21:21 - 2013-09-01 21:21 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\FramePhotoEditor

2013-09-01 11:53 - 2013-09-01 11:53 - 00003398 _____ C:\Documents and Settings\John\Desktop\Cauliflower Fritters Recipe - Taste.com.au.url

2013-09-01 08:05 - 2013-09-01 08:04 - 00000000 ____D C:\Program Files\Fearful Tales - Hansel and Gretel Collectors Edition

2013-09-01 07:41 - 2013-02-13 16:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish

2013-09-01 07:41 - 2011-09-16 19:13 - 00000000 ____D C:\Program Files\bfgclient

2013-08-31 13:35 - 2013-08-31 13:35 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Hesp

2013-08-31 13:34 - 2013-08-31 13:32 - 00000000 ____D C:\Documents and Settings\John\Desktop\Sent to Bruce

2013-08-31 07:58 - 2013-08-02 08:58 - 00000000 ____D C:\Documents and Settings\John\Application Data\Mozilla

2013-08-31 07:26 - 2013-06-07 15:00 - 00000000 ____D C:\Documents and Settings\John\Desktop\John Hesp Bruce book

2013-08-30 09:57 - 2011-09-13 12:16 - 00061733 _____ C:\WINDOWS\wmsetup.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00005602 _____ C:\WINDOWS\KB2834904-v2.log

2013-08-28 18:44 - 2013-08-28 18:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-08-28 18:44 - 2011-09-13 23:39 - 01448103 _____ C:\WINDOWS\FaxSetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00729739 _____ C:\WINDOWS\ocgen.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00561829 _____ C:\WINDOWS\tsoc.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00493438 _____ C:\WINDOWS\comsetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00300004 _____ C:\WINDOWS\ntdtcsetup.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00226870 _____ C:\WINDOWS\iis6.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00081043 _____ C:\WINDOWS\ocmsn.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00073540 _____ C:\WINDOWS\msgsocm.log

2013-08-28 18:44 - 2011-09-13 23:39 - 00001374 _____ C:\WINDOWS\imsins.log

2013-08-28 07:08 - 2013-04-27 16:15 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\PC Utility Kit

2013-08-28 07:08 - 2013-04-27 16:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit

2013-08-28 07:06 - 2013-08-27 08:20 - 00000000 ____D C:\Avenger

2013-08-28 04:42 - 2012-04-29 07:45 - 00000000 ____D C:\WINDOWS\system32\NtmsData

2013-08-28 01:59 - 2011-09-13 11:49 - 00000000 ____D C:\WINDOWS\Registration

2013-08-27 08:24 - 2013-04-29 01:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FolderTransfer

2013-08-27 08:18 - 2011-09-13 13:41 - 00000000 ____D C:\WINDOWS\ie8updates

2013-08-26 14:26 - 2011-09-16 14:21 - 00064968 ___HC C:\WINDOWS\system32\mlfcache.dat

2013-08-26 11:27 - 2013-06-17 01:00 - 00000000 ____D C:\Documents and Settings\John\Desktop\Colville Live Poetry August 2013

2013-08-25 10:56 - 2013-08-25 10:47 - 00000000 ____D C:\Documents and Settings\John\Application Data\Systweak

2013-08-25 10:50 - 2013-08-25 10:50 - 00000000 ____D C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup

2013-08-24 23:23 - 2013-08-24 23:21 - 00000000 ____D C:\Documents and Settings\John\Application Data\DarkManor

2013-08-24 23:22 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Dark Manor - A Hidden Object Mystery

2013-08-24 07:46 - 2013-03-31 12:15 - 00000000 ___RD C:\Program Files\Skype

2013-08-24 07:45 - 2013-08-24 07:45 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache

2013-08-23 12:42 - 2013-06-25 10:25 - 00000000 ____D C:\Documents and Settings\John\Desktop\Krissy

2013-08-22 12:08 - 2011-09-16 13:34 - 00000000 ____D C:\Program Files\Paint Shop Pro 6

2013-08-19 20:26 - 2012-06-16 20:01 - 00000000 ____D C:\Documents and Settings\John\Application Data\Elephant Games

2013-08-19 16:56 - 2013-08-19 16:52 - 00000000 ____D C:\Program Files\Phenomenon - Meteorite

2013-08-19 15:47 - 2013-08-19 15:46 - 00000000 ____D C:\Program Files\Grim Tales - Bloody Mary Collectors Edition

2013-08-19 11:13 - 2013-08-10 20:47 - 00000000 ____D C:\Documents and Settings\John\Desktop\Poems 2013

2013-08-19 10:12 - 2013-08-19 10:12 - 00000995 _____ C:\Documents and Settings\John\Desktop\SpiffoSpeaks • Retired Greyhounds Adopted by Famous-Infamous People.url

2013-08-17 21:21 - 2012-08-03 00:04 - 00000000 ____D C:\Documents and Settings\John\Application Data\Orneon

2013-08-17 16:02 - 2011-09-16 12:56 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt

2013-08-17 10:49 - 2013-08-17 10:49 - 00000000 ____D C:\Program Files\Echoes of the Past - The Kingdom of Despair Collectors Edition

2013-08-17 07:28 - 2013-06-18 09:53 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\SugarSync

2013-08-16 17:59 - 2011-09-16 13:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-08-16 14:52 - 2013-08-14 23:50 - 00025741 _____ C:\WINDOWS\KB2862772-IE8.log

2013-08-16 14:52 - 2013-07-13 00:17 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-08-16 14:52 - 2011-09-13 23:39 - 00001374 _____ C:\WINDOWS\imsins.BAK

2013-08-16 14:52 - 2011-09-13 12:03 - 00185845 _____ C:\WINDOWS\updspapi.log

2013-08-16 14:47 - 2011-09-16 12:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-08-16 14:47 - 2011-09-13 13:38 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-08-16 14:39 - 2011-09-13 23:39 - 00661410 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-08-16 14:36 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$

2013-08-16 14:36 - 2013-08-14 08:04 - 00018703 _____ C:\WINDOWS\KB2850869.log

2013-08-16 14:35 - 2013-08-14 23:37 - 00010654 _____ C:\WINDOWS\KB2863058.log

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$

2013-08-16 14:35 - 2013-08-14 23:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

2013-08-16 14:35 - 2013-08-14 08:04 - 00021163 _____ C:\WINDOWS\KB2859537.log

2013-08-16 14:35 - 2011-09-13 13:47 - 00033912 _____ C:\WINDOWS\system32\TZLog.log

2013-08-16 11:40 - 2011-09-13 11:55 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-08-16 11:40 - 2011-09-13 11:55 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-08-16 11:37 - 2013-08-15 11:56 - 00000000 ____D C:\Program Files\Clockwork Tales - Of Glass and Ink Collector's Edition

2013-08-16 07:12 - 2013-08-16 07:12 - 00090112 _____ C:\WINDOWS\Minidump\Mini081613-01.dmp

2013-08-16 07:12 - 2011-10-02 13:41 - 00000000 ____D C:\WINDOWS\Minidump

2013-08-15 19:40 - 2012-07-05 20:30 - 00000000 ____D C:\Documents and Settings\John\Application Data\Artifex Mundi

2013-08-13 11:57 - 2011-10-05 15:29 - 00000465 _____ C:\WINDOWS\nsw.log

2013-08-12 20:57 - 2012-08-05 23:09 - 00000000 ____D C:\Documents and Settings\John\Application Data\ERS Game Studios

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\John\Local Settings\Application Data\WarThunder

2013-08-11 23:25 - 2013-08-11 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WarThunder

2013-08-11 20:10 - 2013-08-10 20:47 - 00000000 ____D C:\Documents and Settings\John\Desktop\Stories 2013

2013-08-11 16:24 - 2013-08-11 16:22 - 00000000 ____D C:\Program Files\Haunted Legends - The Bronze Horseman

2013-08-11 15:13 - 2013-08-11 15:11 - 00000000 ____D C:\Program Files\Nightmares from the Deep - The Siren's Call Collector's Edition

2013-08-11 13:57 - 2013-07-13 21:53 - 00000000 ____D C:\Documents and Settings\John\Desktop\Cancer poetry comp

2013-08-11 09:35 - 2013-08-11 09:35 - 00000000 ____D C:\Documents and Settings\John\My Documents\Nearwood CE

2013-08-11 08:49 - 2013-08-11 08:48 - 00000000 ____D C:\Program Files\Nearwood Collector's Edition

Files to move or delete:

====================

C:\Documents and Settings\John\jagex_cl_loginapplet_LIVE.dat

C:\Documents and Settings\John\random.dat

C:\DOCUME~1\John\LOCALS~1\Temp\BackupSetup.exe

C:\DOCUME~1\John\LOCALS~1\Temp\bfguni.exe

C:\DOCUME~1\John\LOCALS~1\Temp\MSN1076.exe

C:\DOCUME~1\John\LOCALS~1\Temp\PCPSetup-1-.exe

C:\DOCUME~1\John\LOCALS~1\Temp\uninst1.exe

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

gringo_pr · September 10, 2013

Hello cooldragon

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

cooldragon · September 10, 2013

Morning,Gringo... JRT wouldn't run properly on my PC. Here is the log for ADW Cleaner:

# AdwCleaner v3.003 - Report created 11/09/2013 at 07:24:59

# Updated 07/09/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : John - JOHNSPC

# Running from : C:\Documents and Settings\John\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

Service Deleted : BrowserDefendert

Service Deleted : DefaultTabSearch

Service Deleted : DefaultTabUpdate

[#] Service Deleted : Update lucky leap

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender

Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService

Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedMaxPc

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\jZip

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\Program Files\jZip

Folder Deleted : C:\Program Files\lucky leap

Folder Deleted : C:\Documents and Settings\John\IECompatCache

Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\iac

Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\jZip

Folder Deleted : C:\Documents and Settings\John\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\John\Application Data\DefaultTab

Folder Deleted : C:\Documents and Settings\John\Application Data\DriverCure

Folder Deleted : C:\Documents and Settings\John\Application Data\PerformerSoft

Folder Deleted : C:\Documents and Settings\John\Application Data\SpeedMaxPc

Folder Deleted : C:\Documents and Settings\John\Application Data\Systweak

Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\BrowserDefender

Folder Deleted : C:\Documents and Settings\John\Start Menu\Programs\MyPC Backup

[!] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj

[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

[!] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

File Deleted : C:\END

File Deleted : C:\WINDOWS\system32\roboot.exe

File Deleted : C:\Documents and Settings\John\Start Menu\Programs\Startup\MyPC Backup.lnk

File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\WINDOWS\Tasks\EPUpdater.job

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKCU\Software\e28bdfb13fef41

Key Deleted : HKLM\SOFTWARE\e28bdfb13fef41

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}

Key Deleted : HKCU\Software\Alexa Internet

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\distromatic

Key Deleted : HKCU\Software\jZip

Key Deleted : HKCU\Software\lucky leap

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SpeedMaxPC

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\jZip

Key Deleted : HKLM\Software\SearchquSRTB

Key Deleted : HKLM\Software\SpeedMaxPC

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Google Chrome v

[ File : C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [14729 octets] - [11/09/2013 07:23:17]

AdwCleaner[s0].txt - [14804 octets] - [11/09/2013 07:24:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14865 octets] ##########

cooldragon · September 10, 2013

THe hijacker seems to have disappeared... and the PC seems to be running a bit faster now.

gringo_pr · September 11, 2013

Hello cooldragon

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

cooldragon · September 12, 2013

Hello cooldragon
I Would like you to do the following.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?
Gringo

My PC is running slower now....

**

ComboFix 13-09-10.03 - John 09/12/2013 9:06.14.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3519.2957 [GMT 12:00]

Running from: c:\documents and settings\John\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

.

((((((((((((((((((((((((( Files Created from 2013-08-11 to 2013-09-11 )))))))))))))))))))))))))))))))

.

2013-09-11 20:52 . 2013-09-11 20:52 -------- d-sh--w- c:\documents and settings\John\IECompatCache

2013-09-11 10:01 . 2013-09-11 10:01 -------- d-----w- c:\documents and settings\John\Application Data\Big Fish Games

2013-09-10 19:21 . 2013-09-10 19:25 -------- d-----w- C:\AdwCleaner

2013-09-10 05:53 . 2013-09-10 05:53 -------- d-----w- C:\FRST

2013-09-10 00:26 . 2013-09-10 00:26 -------- d-----w- c:\documents and settings\John\Application Data\calibre

2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Application Data\Anicesoft

2013-09-10 00:25 . 2013-09-10 00:25 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\avgchrome

2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\Extensions

2013-09-10 00:23 . 2013-09-10 00:23 -------- d-----w- c:\windows\system32\searchplugins

2013-09-10 00:22 . 2013-09-10 00:22 -------- d-----w- c:\program files\AniceSoft

2013-09-10 00:14 . 2013-09-10 00:14 392024 ----a-w- c:\program files\SoftonicDownloader_for_convert-pdf-to-epub.exe

2013-09-10 00:05 . 2013-09-10 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\Common Files\AVSMedia

2013-09-10 00:04 . 2013-09-10 00:08 -------- d-----w- c:\program files\AVS4YOU

2013-09-10 00:04 . 2010-07-21 02:31 24576 ----a-w- c:\windows\system32\msxml3a.dll

2013-09-10 00:02 . 2013-09-10 00:04 30433416 ----a-w- c:\program files\AVSDocumentConverter.exe

2013-09-06 04:21 . 2013-09-06 04:21 -------- d-----w- c:\program files\Dropbox

2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2013-09-05 21:02 . 2013-09-05 21:02 -------- d-----w- c:\program files\PDF to ePub Converter

2013-09-04 21:29 . 2013-09-04 21:32 -------- d-----w- c:\program files\Mystery Case Files - Escape from Ravenhearst Collector's Edition

2013-09-01 09:38 . 2013-09-01 09:40 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gtk-2.0

2013-09-01 09:38 . 2013-09-01 09:38 -------- d-----w- c:\documents and settings\John\.thumbnails

2013-09-01 09:36 . 2013-09-01 09:43 -------- d-----w- c:\documents and settings\John\.gimp-2.8

2013-09-01 09:35 . 2013-09-01 09:35 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\gegl-0.2

2013-09-01 09:32 . 2013-09-01 09:35 -------- d-----w- c:\program files\GIMP 2

2013-09-01 09:26 . 2013-09-01 09:31 90139696 ----a-w- c:\program files\gimp-2.8.6-setup.exe

2013-09-01 09:21 . 2013-09-01 09:21 -------- d-----w- c:\program files\FramePhotoEditor

2013-08-31 20:04 . 2013-08-31 20:05 -------- d-----w- c:\program files\Fearful Tales - Hansel and Gretel Collectors Edition

2013-08-24 11:21 . 2013-08-24 11:23 -------- d-----w- c:\documents and settings\John\Application Data\DarkManor

2013-08-24 00:15 . 2013-08-24 11:22 -------- d-----w- c:\program files\Dark Manor - A Hidden Object Mystery

2013-08-23 19:45 . 2013-08-23 19:45 -------- d-sh--w- c:\documents and settings\UpdatusUser\IETldCache

2013-08-19 04:52 . 2013-08-19 04:56 -------- d-----w- c:\program files\Phenomenon - Meteorite

2013-08-19 03:46 . 2013-08-19 03:47 -------- d-----w- c:\program files\Grim Tales - Bloody Mary Collectors Edition

2013-08-16 22:49 . 2013-08-16 22:49 -------- d-----w- c:\program files\Echoes of the Past - The Kingdom of Despair Collectors Edition

2013-08-15 23:40 . 2013-08-15 23:40 -------- d-----w- c:\windows\system32\wbem\Repository

2013-08-14 23:56 . 2013-08-15 23:37 -------- d-----w- c:\program files\Clockwork Tales - Of Glass and Ink Collector's Edition

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-11 06:58 . 2013-04-27 05:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-11 06:58 . 2013-04-27 05:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-05 19:22 . 2013-02-24 21:49 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-09-05 19:22 . 2013-02-24 21:49 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-08-03 02:18 . 2006-10-18 08:47 1543680 ------w- c:\windows\system32\wmvdecod.dll

2013-07-26 02:47 . 2003-03-31 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 02:47 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-07-26 02:47 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-07-25 15:52 . 2011-09-13 00:05 385024 ------w- c:\windows\system32\html.iec

2013-07-10 11:25 . 2013-07-10 10:14 808970536 ----a-w- c:\program files\Lightroom_4_LS11_win_4_3.exe

2013-07-10 10:37 . 2003-03-31 12:00 406016 ----a-w- c:\windows\system32\usp10.dll

2013-07-04 02:59 . 2003-03-31 12:00 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-07-04 02:08 . 2002-08-29 01:04 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-20 07:35 . 2013-06-20 07:35 2013672 ----a-w- c:\program files\DriverManager.exe

2013-06-17 21:52 . 2013-06-17 21:51 20909312 ----a-w- c:\program files\SugarSyncSetup.exe

2013-05-26 23:27 . 2013-05-26 23:22 56512440 ----a-w- c:\program files\psp800ev.exe

2013-05-04 20:11 . 2013-05-04 20:08 34111016 ----a-w- c:\program files\Dropbox 2.0.8.exe

2013-04-27 22:57 . 2013-04-27 22:57 4987488 ----a-w- c:\program files\SumatraPDF-2.2.1-install.exe

2013-04-26 23:53 . 2013-04-26 23:53 4419192 ----a-w- c:\program files\SumatraPDF-2.1.1-install.exe

2012-11-19 23:51 . 2012-11-19 23:38 145320240 ----a-w- c:\program files\PSPX5_TBYB30.exe

2012-05-08 09:56 . 2012-05-08 09:34 295206264 ----a-w- c:\program files\PSPX4_TBYB30EN.exe

2012-04-23 07:39 . 2012-04-23 07:39 6674008 ----a-w- c:\program files\Shockwave_Installer_Slim.exe

2012-02-16 06:29 . 2012-02-16 06:25 85868856 ----a-w- c:\program files\cfw_installer.exe

2012-02-16 03:09 . 2012-02-16 03:09 944264 ----a-w- c:\program files\SkypeSetup.exe

2011-12-23 16:41 . 2011-12-23 16:42 24334368 ----a-w- c:\program files\KindleForPC-installer (1).exe

2011-12-23 16:41 . 2011-12-23 16:40 24334368 ----a-w- c:\program files\KindleForPC-installer.exe

2011-10-15 07:36 . 2011-10-15 07:37 300408 ----a-w- c:\program files\SoftonicDownloader_for_photofiltre.exe

2011-10-02 09:21 . 2011-10-02 09:21 604488 ----a-w- c:\program files\GoogleEarthSetup.exe

2008-10-11 03:03 . 2013-07-02 02:22 24576 ----a-w- c:\program files\memtest.exe

2004-03-17 04:13 . 2004-03-17 04:13 1028368 ----a-w- c:\program files\vbrun60sp6.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-24 17:59 130736 ----a-w- c:\documents and settings\John\Application Data\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"

[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]

2013-01-30 01:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 04:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"

[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]

@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"

[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]

2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-20 19875432]

"Facebook Update"="c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-05-11 138096]

"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-06-26 12419424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-02 319488]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-24 421888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]

"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

.

c:\documents and settings\John\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\John\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-4-25 28499304]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

OneNote Table Of Contents.onetoc2 [2013-6-4 3656]

World Clock 2001.LNK - c:\program files\Zada Solutions\World Clock\zsWldClk.exe [2000-8-23 684032]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-6 272248]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

"c:\\Documents and Settings\\John\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\John\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:War Thunder

"20010:UDP"= 20010:UDP:War Thunder

"3478:UDP"= 3478:UDP:War Thunder

"7850:TCP"= 7850:TCP:War Thunder

"27022:TCP"= 27022:TCP:War Thunder

"6881:TCP"= 6881:TCP:War Thunder

"33333:TCP"= 33333:TCP:War Thunder

"20443:TCP"= 20443:TCP:War Thunder

"8090:TCP"= 8090:TCP:War Thunder

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/25/2013 9:49 AM 37352]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/25/2013 9:49 AM 84024]

R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [9/21/2011 12:29 PM 37560]

R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [6/18/2013 9:53 AM 295936]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/14/2013 11:10 AM 3291008]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2011 1:06 PM 1691480]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/6/2013 3:48 AM 235216]

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 06:58]

.

2013-09-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 05:57]

.

2013-09-10 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-11 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-11 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-11 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16 09:12]

.

2013-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]

.

2013-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

- c:\documents and settings\John\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-05-11 06:26]

.

2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]

.

2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-02 09:21]

.

2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004Core.job

- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]

.

2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-602162358-725345543-1004UA.job

- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-19 20:21]

.

------- Supplementary Scan -------

.

mStart Page =

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe

HKLM-Run-FolderTransfer - c:\program files\FolderTransfer\FolderTransfer.exe

AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-12 09:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

Completion time: 2013-09-12 10:01:38

ComboFix-quarantined-files.txt 2013-09-11 22:01

.

Pre-Run: 413,600,993,280 bytes free

Post-Run: 415,403,089,920 bytes free

.

- - End Of File - - 909BD1936D81534BE6CF4F46463A218A

8F558EB6672622401DA993E1E865C861

gringo_pr · September 12, 2013

Hello cooldragon

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?

Gringo

cooldragon · September 13, 2013

ComboFix 13-09-10.03 - John 09/13/2013 11:38:14.15.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3519.2903 [GMT 12:00]

Running from: c:\documents and settings\John\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

.

((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))