Premium user - Infected by Astromenda


Hi,

 

Have become infected by Astromenda, Scan (full or Hyper) finds 499 infected objects, Quarantined all, on restart (again, off-line) and re-scanned, all infected objects still showing.

 

FRST scan and Addition txt files attached..

 

Any help would be greatly appreciated!

 

suff


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or anything else is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
 
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Your PC seems pretty well infected, so we will run two more tools:
 
 
Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
 
 
 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.

Hi Again TwinHeadedEagle,

 

Thanks for instructions.

 

Adwcleaner first:

 

# AdwCleaner v3.311 - Report created 02/10/2014 at 22:12:42
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Frankie_Upstairs - UPSTAIRS-PC
# Running from : C:\Users\Frankie_Standard\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\Program Files\wse_astromenda
Folder Deleted : C:\Users\Frankie Upstairs\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Frankie Upstairs\AppData\Roaming\wse_astromenda
Folder Deleted : C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
[!] Folder Deleted : C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2237994
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F8FA941-81D1-4F5E-BE9D-5C45C3F18F97}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BAF0DD6E-E62A-4517-8DD6-3E7520066229}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7FA3AC5-9043-4C39-941D-7E73AE8F162D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M11AA7B02-60E9-4277-9295-B0FF463B9193&SearchSource=58&CUI=&UM=5&UP=SP24FE1FE5-8012-484C-A803-059A4FB71395&q={searchTerms}&SSPV=
Deleted [search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_39_ch&cd=2XzuyEtN2Y1L1QzutDzztDtDtByBtDtD0AyEtCtCyBtD0EyBtN0D0Tzu0StCtDtDtDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0FtDtCyD0DyCtGtByDyD0EtG0DyD0C0AtG0DtByC0DtGtB0A0A0AtCyByC0DyCtC0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtA0D0Fzz0D0AyEtGyD0A0DyCtGyEyDyE0EtGzztC0A0FtGtA0C0BtDzztA0AtByBtCtByE2Q&cr=2065518094&ir=
 
 
 
*************************
 
AdwCleaner[R0].txt - [30773 octets] - [02/10/2014 22:03:55]
AdwCleaner[s0].txt - [12738 octets] - [02/10/2014 22:12:42]
 
########## EOF - \AdwCleaner\AdwCleaner[s0].txt - [12799 octets] ##########
 
The zoek scan didn't go so well.. I got an error message saying path not found at file:///C:/Users/FRANKI~1/AppData/Local/Temp/zoekrun.hta, do you want to continue running scripts?
(see attached jpg)
 
I said yes and got following log:
 
 
Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by Frankie_Upstairs on 02/10/2014 at 22:49:29.85.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Frankie_Standard\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
02/10/2014 22:52:26 Zoek.exe System Restore Point Created Succesfully.
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 02/10/2014 at 22:53:26.51 ======================
 
Waddya think?
 
Thanks again,
 
suff

 


Update..

I may have quit too early - see following zoek-results:

 

 
Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by Frankie_Upstairs on 02/10/2014 at 23:30:52.17.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Frankie_Standard\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
\zoek-results2014-10-02-215326.log 598 bytes
 
==== System Restore Info ======================
 
02/10/2014 23:36:45 Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\FRANKI~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Frankie Upstairs\AppData\Roaming\Mozilla\Firefox\Profiles\ckr565vf.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_102014_2359_.backup
 
ProfilePath: C:\Users\FRANKI~2\AppData\Roaming\Mozilla\Firefox\Profiles\cdeomunx.default
 
---- Lines astrmndasr removed from prefs.js ----
user_pref("extensions.astrmndasr.AL", 0);
user_pref("extensions.astrmndasr.aflt", "ast_frg01_14_39_ch");
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzutDzztDtDtByBtDtD0AyEtCtCyBtD0EyBtN0D0Tzu0StCtDtDtDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1
user_pref("extensions.astrmndasr.cr", "1666327845");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.id", "08002700A41170E7");
user_pref("extensions.astrmndasr.instlDay", "16339");
user_pref("extensions.astrmndasr.instlRef", "142905_b");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr_i.vrsnTs", "22:42:1");
---- Lines astrmndasr removed from user.js ----
 
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr.id", "08002700A41170E7");
user_pref("extensions.astrmndasr.instlDay", "16339");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.vrsnTs", "22:42:1");
user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.aflt", "ast_frg01_14_39_ch");
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.instlRef", "142905_b");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.cr", "1666327845");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzutDzztDtDtByBtDtD0AyEtCtCyBtD0EyBtN0D0Tzu0StCtDtDtDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtB0D0F0ByBtDtBtGtAzy0BtDtGyByD0A0DtG0BtD0DyEtGtAzz0DtByDtA0Dzy0FyEyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0BzzyC0AtDtDyDtGtA0AzzzztGyEtByDzytGzy0A0EzztGzztBtD0F0EyCyBtByBtCtByE2Q");
user_pref("extensions.astrmndasr.AL", 0);
 
---- Lines Astromenda removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Astromenda");
---- FireFox user.js and prefs.js backups ---- 
 
user_102014_2359_.backup
prefs_102014_2359_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\FoxTabPDFReader deleted
C:\Program Files\FoxTabVideo2Mp3Converter deleted
C:\Program Files\Wondershare deleted
C:\Program Files\Common Files\Wondershare deleted
C:\Users\Frankie Upstairs\AppData\Roaming\Wondershare deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Frankie Upstairs\AppData\Local\Wondershare deleted
C:\Users\Frankie_Standard\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Public\Windows-KB890830-V5.9.exe deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\~GLH28a3.TMP deleted
C:\Windows\System32\~GLH28a5.TMP deleted
C:\Users\Frankie Upstairs\Desktop\Continue FLV Media Player.lnk deleted
C:\Users\Default\AppData\Roaming\gacutil.exe deleted
C:\Users\Default\AppData\Roaming\PnPutil.exe deleted
C:\Users\Frankie_Standard\AppData\Roaming\gacutil.exe deleted
C:\Users\Frankie_Standard\AppData\Roaming\PnPutil.exe deleted
C:\Users\Joan\AppData\Roaming\gacutil.exe deleted
C:\Users\Joan\AppData\Roaming\PnPutil.exe deleted
C:\Users\Frankie Upstairs\mbam-setup-1.51.1.1800.exe deleted
"C:\ProgramData\39704380" deleted
"C:\ProgramData\~39704380" deleted
"C:\ProgramData\~39704380r" deleted
"C:\Users\Frankie Upstairs\AppData\Roaming\Tyceo" deleted
"C:\Users\Frankie Upstairs\AppData\Roaming\Pyecbo" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [09/07/2012 23:30]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\FRANKI~2\AppData\Roaming\Mozilla\Firefox\Profiles\cdeomunx.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
 
AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[09/07/2012 23:30]
 
Google Voice Search Hotword (Beta) - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
https //learningnetwork.cisco.com/servlet/Jiv - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjledagifaepgcjkkcjkkhgcbjljbk
Tabman Tabs Manager - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm
RealPlayer HTML5Video Downloader Extension - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
LogMeIn - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon
Weebly - Website Builder - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnocophcbjfiimmnhlhleaooedeheifb
Complitly plugin for chrome - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\defdhglnppeioeflggkmglipcecffkhk
DealPly - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gaiilaahiahdejapggenmdmafpmbipje
RealPlayer HTML5Video Downloader Extension - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Balsamiq Mockups - Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pplbmgaodhjmbklkgkgmlghaekcfhhkk
Google Voice Search Hotword (Beta) - Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Weebly - Website Builder - Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb
Chromebleed - Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic
RealPlayer HTML5Video Downloader Extension - Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Balsamiq Mockups - Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pplbmgaodhjmbklkgkgmlghaekcfhhkk
RealPlayer HTML5Video Downloader Extension - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Extension - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
==== Chromium Startpages ======================
 
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences
,"managed_user_id":"","name":"Frank on Downstairs PC"},"reverse_autologin":{"enabled":false},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["https://connect2.pb.com/dana-na/auth/url_default/welcome.cgi","http://www.google.com/],"startup_urls":["http:\/\/search.conduit.com\/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M11AA7B02-60E9-4277-9295-B0FF463B9193&SearchSource=55&CUI=&UM=5&UP=SP24FE1FE5-8012-484C-A803-059A4FB71395&SSPV="]},"sync":{"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzXgn/Ql8hEOit6ERg6z6agAAAAACAAAAAAADZgAAqAAAABAAAADDvtjqAVeQA7F912gVN9KlAAAAAASAAACgAAAAEAAAACs74ruUYQCFyxAq/XyzYuE4AAAAdBOrkxiWB/am9NyahlBm6pr1pVrNOIXbNcMc7u7L/wtuz/YDrbPQEltk3mdF7UB8G0BOsZDddQgUAAAAGKBM5YyK6DMHuZ4Au3YWu4OHs1Y=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzXgn/Ql8hEOit6ERg6z6agAAAAACAAAAAAADZgAAqAAAABAAAABHr6PiO/8PUU3rQm9L/4LmAAAAAASAAACgAAAAEAAAAG4dxhiKNv04bmdbdw+aJj1QAAAAVRRlPQqSmjXS0+r1c/Kd0UgQ0lWTWRmaSa+BM1VUECBhFC4i8oUzFESFq3hWOTFplWHxbE13EVbC6J+o+PygcwFTfzPwZRODzQKegYEBG7cUAAAAxR+5EqperC8CgFaTMuBYg0Ub/dg=","last_synced_time":"13030832295533000","passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncKO18mmX4ofYJL3eNL00ehw==","sessions":true,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":2},"synced_notification":{"enabled_sending_services":["Google+"],"initialized_sending_services":["Google+"]},"translate_accepted_count":{"de":0,"fi":2,"fr":1,"ga":0,"nl":4,"pt":1},"translate_blocked_languages":["en"],"translate_denied_count":{"de":1,"fi":0,"fr":0,"ga":1,"nl":0,"pt":0}}
ame":"PREFERENCE","payload":"W:ChdSBMAv7swnWhP8SILaDaffvlur/KCDAhD2msjCg7i7mQc=","source":"1004"},{"current-ack":{"state":"65D8885A2E7132CAB9C09F8D1AF43361","timestamp":"13026865955508000"},"expected-ack":{"state":"65D8885A2E7132CAB9C09F8D1AF43361","timestamp":"13026865955508000"},"max-version":"-9223372036854775808","name":"PRIORITY_PREFERENCE","payload":"","source":"1004"},{"current-ack":{"state":"6B30EBBDB188790664A07FB693672DAB","timestamp":"13026865955553000"},"expected-ack":{"state":"6B30EBBDB188790664A07FB693672DAB","timestamp":"13026865955553000"},"max-version":"1381664369237000","name":"SEARCH_ENGINE","payload":"W:ChdSBMAv7swnWhNWhkIZOxVDR8L5PWODAhCVmbj884uEt+kB","source":"1004"},{"current-ack":{"state":"7717170B81FE9487EC6A045D08C2225A","timestamp":"13027033291379000"},"expected-ack":{"state":"7717170B81FE9487EC6A045D08C2225A","timestamp":"13027033291379000"},"max-version":"1382559719086000","name":"SESSION","payload":"W:ChdSBMAv7swnWhNcmvIpmrzK05vf+c2DAhC6k4GUj/LF93Y=","source":"1004"},{"current-ack":{"state":"48A61FFF4ACD398DED7C33863C29CD75","timestamp":"13026865955585000"},"expected-ack":{"state":"48A61FFF4ACD398DED7C33863C29CD75","timestamp":"13026865955585000"},"max-version":"1378247604976001","name":"SYNCED_NOTIFICATION","payload":"","source":"1004"},{"current-ack":{"state":"8688DA86856453AB9D566560BD907F8B","timestamp":"13026865955497000"},"expected-ack":{"state":"8688DA86856453AB9D566560BD907F8B","timestamp":"13026865955497000"},"max-version":"-9223372036854775808","name":"THEME","payload":"","source":"1004"},{"current-ack":{"state":"684347AA92DCC2414F7688FA0A927F68","timestamp":"13027012302286000"},"expected-ack":{"state":"684347AA92DCC2414F7688FA0A927F68","timestamp":"13027012302286000"},"max-version":"1382538728848000","name":"TYPED_URL","payload":"W:ChdSBMAv7swnWhNcmvIpmrzK05dQecuDAhC6k4GUj/LF93Y=","source":"1004"}]},"net":{"http_server_properties":{"servers":{"accounts.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"
supports_spdy":true},"accounts.google.ie:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":false},"accounts.youtube.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"apis.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"clients1.google.ie:443":{"supports_spdy":true},"clients2.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"clients4.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"csi.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"fonts.googleapis.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"lh5.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"plus.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"ssl.google-analytics.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"ssl.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"support.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":false},"support.google.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"themes.googleusercontent.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"www.google-analytics.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.google.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"www.google.com:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false}
,"www.google.ie:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true},"www.google.ie:80":{"alternate_protocol":{"port":80,"protocol_str":"quic"},"supports_spdy":false},"www.gstatic.com:443":{"alternate_protocol":{"port":443,"protocol_str":"quic"},"supports_spdy":true}},"version":2}},"ntp":{"app_page_names":["Apps"]},"plugins":{"migrated_to_pepper_flash":true,"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":12,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"[*.]courses.moodleshare.com,*":{"plugins":1},"[*.]digital-cameras.wonderhowto.com,*":{"plugins":1},"[*.]fit.skillport.com,*":{"plugins":1},"[*.]hw.libsyn.com,*":{"plugins":1},"[*.]keepvid.com,*":{"plugins":1},"[*.]motionographer.com,*":{"plugins":1},"[*.]prezi.com,*":{"fullscreen":1},"[*.]simulator.capitalspreads.com,*":{"popups":1},"[*.]snipmp3.com,*":{"plugins":1},"[*.]upload.wikimedia.org,*":{"plugins":1},"[*.]www.aldiphotos.ie,*":{"plugins":1},"[*.]www.barchart.com,*":{"plugins":1},"[*.]www.berkleemusic.com,*":{"plugins":1},"[*.]www.java.com,*":{"plugins":1},"[*.]www.lippu.fi,*":{"plugins":1},"[*.]www.lynda.com,*":{"plugins":1},"[*.]www.thebluesbrothers.ie,*":{"plugins":1},"[*.]www.vdat.com,*":{"plugins":1},"[*.]www.wordle.net,*":{"plugins":1},"[*.]www.youtube.com,*":{"fullscreen":1},"[*.]xlibrary.skillport.com,*":{"plugins":1},"https://[*.]developer.mozilla.org:443,*":{"fullscreen":1},"https://[*.]dl-web.dropbox.com:443,*":{"plugins":1},"https://[*.]downstairs-pc-izhkwiyqiq.app107.logmein.com:443,*":{"plugins":1},"https://[*.]iemp15570-gutzrwceka.app03-11.logmein.com:443,*":{"plugins":1},"https://[*.]na6.salesforce.com:443,*":{"popups":1},"https://[*.]trade.marketspreads.ie:443,*":{"popups":1},"https://[*.]www.customer.etrip.ie:443,*":{"popups":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1}},"pref_version":1},"created_by_version":"30.0.1599.69","exit_type":"Normal","exited_cleanly":true,"icon_version":2,"is_managed":false
,"managed_user_id":"","name":"Frank on Downstairs PC"},"reverse_autologin":{"enabled":false},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["https://connect2.pb.com/dana-na/auth/url_default/welcome.cgi","http://www.google.com/],"startup_urls":["http:\/\/search.conduit.com\/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M11AA7B02-60E9-4277-9295-B0FF463B9193&SearchSource=55&CUI=&UM=5&UP=SP24FE1FE5-8012-484C-A803-059A4FB71395&SSPV="]},"sync":{"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzXgn/Ql8hEOit6ERg6z6agAAAAACAAAAAAADZgAAqAAAABAAAADDvtjqAVeQA7F912gVN9KlAAAAAASAAACgAAAAEAAAACs74ruUYQCFyxAq/XyzYuE4AAAAdBOrkxiWB/am9NyahlBm6pr1pVrNOIXbNcMc7u7L/wtuz/YDrbPQEltk3mdF7UB8G0BOsZDddQgUAAAAGKBM5YyK6DMHuZ4Au3YWu4OHs1Y=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzXgn/Ql8hEOit6ERg6z6agAAAAACAAAAAAADZgAAqAAAABAAAABHr6PiO/8PUU3rQm9L/4LmAAAAAASAAACgAAAAEAAAAG4dxhiKNv04bmdbdw+aJj1QAAAAVRRlPQqSmjXS0+r1c/Kd0UgQ0lWTWRmaSa+BM1VUECBhFC4i8oUzFESFq3hWOTFplWHxbE13EVbC6J+o+PygcwFTfzPwZRODzQKegYEBG7cUAAAAxR+5EqperC8CgFaTMuBYg0Ub/dg=","last_synced_time":"13030832295533000","passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncKO18mmX4ofYJL3eNL00ehw==","sessions":true,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":2},"synced_notification":{"enabled_sending_services":["Google+"],"initialized_sending_services":["Google+"]},"translate_accepted_count":{"de":0,"fi":2,"fr":1,"ga":0,"nl":4,"pt":1},"translate_blocked_languages":["en"],"translate_denied_count":{"de":1,"fi":0,"fr":0,"ga":1,"nl":0,"pt":0}}
 
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.taxifarefinder.com_0.localstorage deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.taxifarefinder.com_0.localstorage-journal deleted successfully
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frankie_Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Frankie_Standard\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frankie_Standard\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Frankie_Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\Frankie_Standard\AppData\Local\Mozilla\Firefox\Profiles\cdeomunx.default\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Frankie_Standard\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=321 folders=111 292528156 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Frankie Upstairs\AppData\Local\Temp will be emptied at reboot
C:\Users\Frankie_Standard\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Joan\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
Thanks again!!

Very good, we cleaned a lot of bad stuff. Now let's run an FRST scan again for our last check. Tell me, how is your PC now?
 
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Hi TWE,

 

Many thanks again - she's looking much happier. One mention of Astromenda in FRST:

C:\Users\Frankie_Standard\AppData\Local\WSE_Astromenda
2014-09-26 22:41 - 2014-09-26 22:40 - 06057862 _____ (Tim Kosse)
 
Full report:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by Frankie_Upstairs (administrator) on UPSTAIRS-PC on 03-10-2014 09:11:53
Running from C:\Users\Frankie_Standard\Desktop\FRST
Loaded Profiles: Frankie_Upstairs & Frankie_Standard (Available profiles: Frankie_Upstairs & Joan & Frankie_Standard & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Realtek) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtlService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\SAgent4.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtWLan.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Frankie_Standard\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIJAE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Frankie_Standard\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Conime] => C:\Windows\system32\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\real\realplayer\update\realsched.exe [296096 2012-07-09] (RealNetworks, Inc.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE2OTY2NTYyLVU5MCsxLVRQKzEtWE8zNisxLVRCOSsyLUZMKzktUUlYMSs0L (the data entry has 115 more characters).
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...\RunOnce: [{aece03a3-686f-4b3c-9931-9dafb71829b7}] => "C:\ProgramData\Package Cache\{aece03a3-686f-4b3c-9931-9dafb71829b7}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140724031729.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION
HKLM\...\RunOnce: [{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}] => "C:\ProgramData\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140809202730.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION
HKLM\...\RunOnce: [{b43ffffb-1adc-4bcb-b277-7844ebff94da}] => "C:\ProgramData\Package Cache\{b43ffffb-1adc-4bcb-b277-7844ebff94da}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140907044405.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION
HKLM\...\RunOnce: [{22939821-cd61-449c-8a03-cff0af03c156}] => "C:\ProgramData\Package Cache\{22939821-cd61-449c-8a03-cff0af03c156}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20141003022342.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION
HKLM\...\runonceex: [Flags] =>
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Frankie Upstairs\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [DellSystemDetect] => C:\Users\Frankie Upstairs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIJAE.EXE [249440 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Run: [spotify Web Helper] => C:\Users\Frankie Upstairs\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-27] (Spotify Ltd)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[s1].txt [2925 2014-10-03] ()
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\MountPoints2: {11077766-e5a1-11dd-af16-ee5ce01705ce} - F:\.\MigWiz\migsetup.exe
HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\...\MountPoints2: {613be87d-74d9-11dd-bd0a-92981d76fa6b} - K:\WD_Windows_Tools\Setup.exe
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Run: [spotify] => C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-24] (Spotify Ltd)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Run: [spotify Web Helper] => C:\Users\Frankie_Standard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-24] (Spotify Ltd)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIJAE.EXE [249440 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Run: [GoogleChromeAutoLaunch_0029CCB606135B1E95857C5DDCF82B53] => C:\Program Files\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk
ShortcutTarget: Heimdal.lnk -> C:\Program Files\Heimdal\Client\HeimdalAgent.exe (No File)
Startup: C:\Users\Frankie Upstairs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frankie Upstairs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frankie Upstairs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.bat ()
Startup: C:\Users\Frankie_Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frankie Upstairs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frankie_Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.bat ()
BootExecute: PDBoot.exeautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.msn.com/?ocid=OIE9HP
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {33A329EE-7F7D-471E-AC67-15C54D970678} -  No File
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb.com/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 208.67.222.222
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-03]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> FF7BCE5588B60328D45809A8F03250D9AD61C4379EADD1CE711CA74CA1B0E903
CHR DefaultSearchKeyword: Default -> 595EB560523FA0F7B66AD642543C9D6D7AF464643B397D343A9E894F467C3217
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-26]
CHR Extension: (YouTube) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (https://learningnetwork.cisco.com/servlet/Jiv) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjledagifaepgcjkkcjkkhgcbjljbk [2012-11-11]
CHR Extension: (Tabman Tabs Manager) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2014-01-19]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-10-19]
CHR Extension: (Google Wallet) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (LogMeIn) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-10-20]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2013-10-12]
CHR Extension: (Gmail) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR CustomProfile: C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-19]
CHR Extension: (Lucidchart: Diagrams Online) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-10-19]
CHR Extension: (Google Drive) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-19]
CHR Extension: (YouTube) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-19]
CHR Extension: (Weebly - Website Builder) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2013-10-19]
CHR Extension: (Google Search) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-19]
CHR Extension: (Complitly plugin for chrome) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\defdhglnppeioeflggkmglipcecffkhk [2013-10-19]
CHR Extension: (Google Calendar) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-19]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-19]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2013-10-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-10-19]
CHR Extension: (Gmail) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-19]
CHR Extension: (Balsamiq Mockups) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pplbmgaodhjmbklkgkgmlghaekcfhhkk [2013-10-19]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S3 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-15] (Akamai Technologies, Inc.)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [90112 2004-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-09-09] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
S2 gupdate1c9a3f9c3e8f15f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-13] (Google Inc.)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2066224 2013-12-12] (Raxco Software, Inc.)
R2 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2189616 2013-12-12] (Raxco Software, Inc.)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) [File not signed]
R2 Realtek11nSU; C:\Program Files\Edimax\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 StatusAgent4; C:\Windows\system32\SAgent4.exe [136576 2011-05-25] (SEIKO EPSON CORPORATION)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2012-07-30] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1052480 2011-05-31] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 ZPXMCW; C:\Users\Joan\AppData\Local\Temp\ZPXMCW.exe [X]
S3 ZURPVOJ; C:\Users\Joan\AppData\Local\Temp\ZURPVOJ.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [384576 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [39488 2009-10-30] (BEHRINGER)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [100600 2012-09-10] (Focusrite Audio Engineering Limited.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
S3 RDID1076; C:\Windows\System32\Drivers\rdwm1076.sys [139392 2007-12-19] (Roland Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [39704 2007-01-24] (Belcarra Technologies)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-11-15] (AnchorFree Inc)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-06-04] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452432 2012-06-04] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283344 2012-06-04] (Paragon)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-04-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-04-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-04-27] (LG Electronics Inc.)
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2013-05-30] (Wondershare)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 wampapache; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 07:51 - 2014-10-03 07:51 - 00000763 _____ () C:\files.log
2014-10-03 07:51 - 2014-10-03 07:24 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-03 07:46 - 2014-10-03 07:51 - 00000147 _____ () C:\folders.log
2014-10-03 07:46 - 2014-10-03 07:51 - 00000000 ____D () C:\zoek
2014-10-03 07:27 - 2014-10-03 07:14 - 00037030 _____ () C:\zoek-results2014-10-03-061452.log
2014-10-02 23:36 - 2014-10-02 22:53 - 00000598 _____ () C:\zoek-results2014-10-02-215326.log
2014-10-02 23:16 - 2014-10-02 23:16 - 00000598 _____ () C:\Users\Frankie_Standard\Desktop\zoek-results.txt
2014-10-02 22:51 - 2014-10-03 07:51 - 00023576 _____ () C:\zoek-results.log
2014-10-02 22:49 - 2014-10-03 08:11 - 00000000 ____D () C:\zoek_backup
2014-10-02 22:45 - 2014-10-02 22:45 - 01290752 _____ () C:\Users\Frankie_Standard\Desktop\zoek.exe
2014-10-02 22:45 - 2014-10-02 22:45 - 00000680 _____ () C:\Users\Frankie_Standard\Desktop\zoek.htm
2014-10-02 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-02 22:03 - 2014-10-03 07:01 - 00000000 ____D () C:\AdwCleaner
2014-10-02 22:01 - 2014-10-02 22:01 - 01375089 _____ () C:\Users\Frankie_Standard\Desktop\AdwCleaner.exe
2014-10-01 20:11 - 2014-10-01 20:11 - 00007653 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01 (5).xml
2014-10-01 20:09 - 2014-10-01 20:09 - 00026994 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01 (4).xml
2014-10-01 19:36 - 2014-10-01 19:36 - 00026994 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01 (3).xml
2014-10-01 19:35 - 2014-10-01 19:35 - 00007653 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01 (2).xml
2014-10-01 19:31 - 2014-10-01 19:31 - 00070160 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01 (1).xml
2014-10-01 19:22 - 2014-10-01 19:22 - 00535909 _____ () C:\Users\Frankie_Standard\Downloads\fingalyouthorchestra.wordpress.2014-10-01.xml
2014-10-01 18:25 - 2014-10-03 09:12 - 00000000 ____D () C:\FRST
2014-10-01 18:23 - 2014-10-03 09:11 - 00000000 ____D () C:\Users\Frankie_Standard\Desktop\FRST
2014-09-29 21:29 - 2014-09-29 21:29 - 00001817 _____ () C:\Users\Frankie_Standard\Desktop\FYO_Web_Site.txt - Shortcut.lnk
2014-09-29 10:44 - 2014-09-29 10:44 - 06588560 _____ (TeamViewer GmbH) C:\Users\Frankie_Standard\Downloads\TeamViewer_Setup_en-ckf (2).exe
2014-09-29 10:44 - 2014-09-29 10:44 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\TeamViewer
2014-09-29 10:42 - 2014-09-29 10:46 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-29 10:42 - 2014-09-29 10:46 - 00000998 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-29 10:42 - 2014-09-29 10:42 - 00000000 ____D () C:\Users\Frankie Upstairs\AppData\Roaming\TeamViewer
2014-09-29 10:41 - 2014-09-29 10:41 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-29 10:40 - 2014-09-29 10:40 - 06588560 _____ (TeamViewer GmbH) C:\Users\Frankie_Standard\Downloads\TeamViewer_Setup_en-ckf (1).exe
2014-09-29 10:31 - 2014-09-29 10:31 - 06588560 _____ (TeamViewer GmbH) C:\Users\Frankie_Standard\Downloads\TeamViewer_Setup_en-ckf.exe
2014-09-27 23:25 - 2014-09-27 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
2014-09-27 20:57 - 2014-09-27 20:57 - 06498200 _____ (Microsoft Corporation) C:\Users\Frankie_Standard\Downloads\vcredist_x86 (2).exe
2014-09-27 20:55 - 2014-09-27 20:55 - 01415888 _____ (Microsoft Corporation) C:\Users\Frankie_Standard\Downloads\vcredist_arm.exe
2014-09-27 20:41 - 2014-09-27 20:41 - 05073240 _____ (Microsoft Corporation) C:\Users\Frankie_Standard\Downloads\vcredist_x86 (1).exe
2014-09-27 20:21 - 2014-09-27 20:22 - 05073240 _____ (Microsoft Corporation) C:\Users\Frankie_Standard\Downloads\vcredist_x86.exe
2014-09-27 19:19 - 2014-09-27 23:26 - 00000000 ____D () C:\wamp
2014-09-27 19:10 - 2014-09-27 19:11 - 39917641 _____ (Hervé Leclerc (HeL) ) C:\Users\Frankie_Standard\Downloads\wampserver2.5-Apache-2.4.9-Mysql-5.6.17-php5.5.12-32b.exe
2014-09-27 18:08 - 2014-09-27 18:09 - 153108026 _____ () C:\Users\Frankie_Standard\Downloads\20140927_fingalyouthorchestra_5426dbbe17f206901140927154606_archive (1).zip
2014-09-27 17:31 - 2014-09-27 17:32 - 153108026 _____ () C:\Users\Frankie_Standard\Downloads\20140927_fingalyouthorchestra_5426dbbe17f206901140927154606_archive.zip
2014-09-27 17:30 - 2014-09-27 17:30 - 00424508 _____ () C:\Users\Frankie_Standard\Downloads\installer.php
2014-09-27 15:26 - 2014-09-27 15:26 - 00000000 ____D () C:\Users\Frankie_Standard\Downloads\wordpress-4.0
2014-09-27 12:47 - 2014-10-01 22:26 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\FileZilla
2014-09-26 23:01 - 2014-09-27 12:32 - 00000000 ____D () C:\Users\Frankie Upstairs\AppData\Roaming\FileZilla
2014-09-26 23:00 - 2014-09-26 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-26 23:00 - 2014-09-26 23:00 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-09-26 22:59 - 2014-09-26 22:59 - 00000271 _____ () C:\Users\Frankie Upstairs\Desktop\Cut the Rope.url
2014-09-26 22:57 - 2014-09-26 22:57 - 04626416 _____ (Martin Prikryl ) C:\Users\Frankie_Standard\Downloads\winscp555setup (1).exe
2014-09-26 22:42 - 2014-09-26 22:42 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Local\WSE_Astromenda
2014-09-26 22:41 - 2014-09-26 22:40 - 06057862 _____ (Tim Kosse) C:\Users\Frankie_Standard\Downloads\FileZilla_3.9.0.5_win32-setup [1].exe
2014-09-26 22:35 - 2014-09-26 22:36 - 00764040 _____ ( ) C:\Users\Frankie_Standard\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-26 22:34 - 2014-09-26 22:34 - 00000600 _____ () C:\Users\Frankie_Standard\AppData\Roaming\winscp.rnd
2014-09-26 22:31 - 2014-09-26 22:31 - 00000600 _____ () C:\Users\Frankie Upstairs\AppData\Roaming\winscp.rnd
2014-09-26 22:14 - 2014-09-26 22:14 - 00000881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-09-26 22:14 - 2014-09-26 22:14 - 00000000 ____D () C:\Program Files\WinSCP
2014-09-26 20:59 - 2014-09-26 20:59 - 00064276 _____ () C:\Users\Frankie_Standard\Downloads\cookie-notice.1.2.12.zip
2014-09-26 11:42 - 2014-09-26 11:42 - 06585122 _____ () C:\Users\Frankie_Standard\Downloads\wordpress-4.0.zip
2014-09-25 21:10 - 2014-09-25 21:11 - 04626416 _____ (Martin Prikryl ) C:\Users\Frankie_Standard\Downloads\winscp555setup.exe
2014-09-25 21:01 - 2014-09-25 21:01 - 00000000 _____ () C:\Users\Frankie_Standard\Downloads\pemhtaccess (1).txt
2014-09-24 21:49 - 2014-09-24 21:49 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\Wireshark
2014-09-24 19:47 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:44 - 2014-09-24 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2014-09-24 10:43 - 2014-09-24 10:44 - 00000000 ____D () C:\Program Files\Cisco Packet Tracer 5.3.3
2014-09-24 09:44 - 2014-09-24 09:45 - 50627326 _____ (Cisco Systems, Inc. ) C:\Users\Frankie_Standard\Downloads\PacketTracer533_setup_no_tutorials.exe
2014-09-22 22:54 - 2014-09-22 22:54 - 00000000 _____ () C:\Users\Frankie_Standard\Downloads\pemhtaccess.txt
2014-09-21 22:46 - 2014-09-21 22:46 - 00000046 _____ () C:\Users\Frankie_Standard\Desktop\php.ini
2014-09-18 20:15 - 2014-09-18 20:16 - 00012675 _____ () C:\Users\Frankie_Standard\Downloads\fourteen-colors.1.2.zip
2014-09-18 12:04 - 2014-09-18 12:04 - 04426582 _____ () C:\Users\Frankie_Standard\Downloads\nextgen-gallery.zip
2014-09-18 12:04 - 2014-09-18 12:04 - 00000000 ____D () C:\Users\Frankie_Standard\Downloads\nextgen-gallery
2014-09-17 22:48 - 2014-09-17 22:48 - 00000000 ____D () C:\Users\Frankie_Standard\Downloads\simple-custom-css
2014-09-17 22:47 - 2014-09-17 22:48 - 00079151 _____ () C:\Users\Frankie_Standard\Downloads\simple-custom-css.zip
2014-09-14 20:43 - 2014-09-14 20:43 - 00000000 ____D () C:\Users\Frankie_Standard\Downloads\twentyfourteen.1.2 (1)
2014-09-14 20:37 - 2014-09-14 20:40 - 00812407 _____ () C:\Users\Frankie_Standard\Downloads\twentyfourteen.1.2 (1).zip
2014-09-14 20:34 - 2014-09-14 20:36 - 00160600 _____ () C:\Users\Frankie_Standard\Downloads\twentyfourteen.1.2.zip
2014-09-14 19:49 - 2014-09-29 21:24 - 00003107 _____ () C:\Users\Frankie_Standard\Desktop\Was FYO_Web_Site.txt.txt
2014-09-12 03:28 - 2014-08-15 15:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:28 - 2014-08-15 15:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:28 - 2014-08-15 15:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:28 - 2014-08-15 15:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:28 - 2014-08-15 15:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:28 - 2014-08-15 15:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:28 - 2014-08-15 15:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:28 - 2014-08-15 15:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:28 - 2014-08-15 15:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-12 03:28 - 2014-08-15 15:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:28 - 2014-08-15 15:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:28 - 2014-08-15 15:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:28 - 2014-08-15 15:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-12 03:28 - 2014-08-15 15:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-11 08:23 - 2014-09-11 08:23 - 00188416 _____ () C:\Users\Frankie_Standard\Downloads\deis_school_list.xls
2014-09-08 20:59 - 2014-09-08 20:59 - 00020480 _____ () C:\Users\Frankie_Standard\Downloads\Contact Nos for Frank - 20-02-14.xlsx
2014-09-07 08:57 - 2014-09-07 08:57 - 00000151 _____ () C:\Users\Frankie_Standard\Downloads\Minor_third_on_C.mid
2014-09-06 23:41 - 2014-09-06 23:42 - 00000290 _____ () C:\Users\Frankie_Standard\Downloads\D_minor_triad.mid
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 09:02 - 2009-06-30 20:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 08:56 - 2014-03-19 00:09 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\Spotify
2014-10-03 08:27 - 2006-11-02 13:52 - 01830642 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 08:20 - 2014-03-01 18:40 - 00000000 ___RD () C:\Users\Frankie_Standard\Dropbox
2014-10-03 08:19 - 2014-03-01 18:37 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\Dropbox
2014-10-03 08:16 - 2008-03-11 00:25 - 00000000 ____D () C:\MDT
2014-10-03 08:13 - 2009-06-30 20:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 08:11 - 2008-03-10 18:41 - 00559708 _____ () C:\Windows\PFRO.log
2014-10-03 08:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 08:11 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 08:11 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 08:10 - 2006-11-02 14:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-03 00:00 - 2008-03-09 14:27 - 00000000 ____D () C:\Users\Frankie Upstairs
2014-10-03 00:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-10-02 23:20 - 2006-11-02 13:47 - 03939304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 08:37 - 2014-05-23 22:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-30 06:24 - 2014-03-19 00:10 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Local\Spotify
2014-09-29 21:46 - 2014-03-01 15:19 - 00106920 _____ () C:\Users\Frankie_Standard\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 23:57 - 2014-03-01 15:18 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\Adobe
2014-09-24 22:44 - 2012-05-04 22:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 20:24 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-09-24 20:12 - 2012-05-04 22:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 20:12 - 2011-06-04 13:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 07:41 - 2009-10-05 13:35 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 22:34 - 2006-11-02 11:33 - 00763546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 07:17 - 2014-03-01 18:40 - 00001001 _____ () C:\Users\Frankie_Standard\Desktop\Dropbox.lnk
2014-09-18 07:17 - 2014-03-01 18:38 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 21:38 - 2014-03-01 18:28 - 00013824 _____ () C:\Users\Frankie_Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-12 03:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-12 03:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 03:27 - 2013-08-15 00:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:09 - 2006-11-02 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-12 03:08 - 2012-05-01 03:02 - 00001869 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 03:08 - 2011-07-04 22:36 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-12 03:07 - 2011-07-04 22:34 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-09 21:18 - 2014-03-01 15:16 - 00000000 ____D () C:\Users\Frankie_Standard
 
Some content of TEMP:
====================
C:\Users\Frankie_Standard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppquolw.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-03 08:29
 
==================== End Of Log ============================

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 
 

Hi again,
 
What's your advice re running MBAM and Security Essentials simultaneously? Is the Premium ver of MBAM sufficient on its own?
 
suff

 

 

After the FRST fix, tell me how your PC is now. Yes, running MBAM along with an antivirus is a good idea.

fixlist.txt


Hi again,

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by Frankie_Upstairs at 2014-10-03 10:09:21 Run:1
Running from C:\Users\Frankie_Standard\Desktop\FRST
Loaded Profiles: Frankie_Upstairs & Frankie_Standard (Available profiles: Frankie_Upstairs & Joan & Frankie_Standard & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
CHR Extension: (https://learningnetw...com/servlet/Jiv) - C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjledagifaepgcjkkcjkkhgcbjljbk [2012-11-11]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 ZPXMCW; C:\Users\Joan\AppData\Local\Temp\ZPXMCW.exe [X]
S3 ZURPVOJ; C:\Users\Joan\AppData\Local\Temp\ZURPVOJ.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 wampapache; No ImagePath
2014-09-26 22:42 - 2014-09-26 22:42 - 00000000 ____D () C:\Users\Frankie_Standard\AppData\Local\WSE_Astromenda
 
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...NkdPS0ItSkhGTkg"&"inst=NzctNjE2OTY2NTYyLVU5MCsxLVRQKzEtWE8zNisxLVRCOSsyLUZMKzktUUlYMSs0L (the data entry has 115 more characters). => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [{aece03a3-686f-4b3c-9931-9dafb71829b7}] => "C:\ProgramData\Package Cache\{aece03a3-686f-4b3c-9931-9dafb71829b7}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140724031729.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}] => "C:\ProgramData\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140809202730.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [{b43ffffb-1adc-4bcb-b277-7844ebff94da}] => "C:\ProgramData\Package Cache\{b43ffffb-1adc-4bcb-b277-7844ebff94da}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20140907044405.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM\...\RunOnce: [{22939821-cd61-449c-8a03-cff0af03c156}] => "C:\ProgramData\Package Cache\{22939821-cd61-449c-8a03-cff0af03c156}\GarminExpressInstaller.exe" /quiet /burn.log.append "C:\Windows\TEMP\Garmin_Express_20141003022342.log" LAUNCHTRAY=0 /burn.runonce <===== ATTENTION => Value not found.
"HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11077766-e5a1-11dd-af16-ee5ce01705ce}" => Key deleted successfully.
"HKCR\CLSID\{11077766-e5a1-11dd-af16-ee5ce01705ce}" => Key not found.
"HKU\S-1-5-21-1455844819-1188380554-1375573089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{613be87d-74d9-11dd-bd0a-92981d76fa6b}" => Key deleted successfully.
"HKCR\CLSID\{613be87d-74d9-11dd-bd0a-92981d76fa6b}" => Key not found.
HKU\S-1-5-21-1455844819-1188380554-1375573089-1013\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml => Moved successfully.
C:\Users\Frankie Upstairs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjledagifaepgcjkkcjkkhgcbjljbk => Moved successfully.
NMIndexingService => Service deleted successfully.
rpcapd => Service deleted successfully.
ZPXMCW => Service deleted successfully.
ZURPVOJ => Service deleted successfully.
blbdrive => Service deleted successfully.
DIRECTIO => Service deleted successfully.
IpInIp => Service deleted successfully.
LMIInfo => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
wampapache => Service deleted successfully.
C:\Users\Frankie_Standard\AppData\Local\WSE_Astromenda => Moved successfully.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
I'm not getting infected messages from MBAM, but am under pressure as I need to head to work. I'll kick off MBAM threat scan and will let you know results later.
 
many thanks Eagle!!

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent the installation of additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.