
Unable to download Windows 7 update



Hello
 
I am working on my friend's PC and he is unable to download Windows updates and Firefox. He had multiple malware programs as well as freeware and was unable to get on the internet. He took over 20 seconds to fully load on start up. I've gone into his uninstall and deleted toolbars, freeware and obvious malware. Then I ran MB and then CCleaner. Then used Hiren's boot CD to open mini XP and run MB while in that and it found a virus malware. His computer is now able to load in 5 seconds and he is able to get on the internet and play RuneScape, but I still can't download programs such as Firefox and Windows updates.
 
 
His specs are 
 
Toshiba Satellite C655
Intel Core i3-2330M CPU @ 2.20 GHz 2.20 GHz
4.0 GB ram
64-bit
Windows 7 Home Premium
 
Any help would be appreciated.

Addition.txt

FRST.txt

Malwarebytes Scan Log.txt


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Sorry for taking so long to reply with the information. Here are the report logs.

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/07/2014 08:34:42 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/07/2014 08:35:16 AM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)
 
_____________________________________________________________________________________________________________________________
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/7/2014
Scan Time: 8:46:00 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.07.06
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: r
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347764
Time Elapsed: 17 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
_____________________________________________________________________________________________________________________________
 
RogueKiller V9.3.0.0 (x64) [Oct  6 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : r [Admin rights]
Mode : Scan -- Date : 10/07/2014  09:19:49
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 34 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2636616572-4191175807-3233835049-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2636616572-4191175807-3233835049-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=19.9.1.14  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2636616572-4191175807-3233835049-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2636616572-4191175807-3233835049-1000\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF9E2BA5-5AA3-4360-8A7E-74A06830D9FC} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CF9E2BA5-5AA3-4360-8A7E-74A06830D9FC} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CF9E2BA5-5AA3-4360-8A7E-74A06830D9FC} | NameServer : 75.126.206.18,184.173.169.186  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : iexplore.exe  -> FOUND
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : iexplore.exe  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_Dlls : C:\Users\r\AppData\Local\Linkey\IEEXTE~1\iedll64.dll  -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[suspicious.Path] Rocket Updater.job -- C:\Users\r\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] UpdaterEX.job -- C:\Users\r\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++
--- User ---
[MBR] 19c6b1a929af46d67b725cd7149105a0
[bSP] 164e43d1a5a092730bcad9ead4c92727 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 291176 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 599402496 | Size: 12568 MB
User = LL1 ... OK
User = LL2 ... OK
 
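A triage sketch for a RogueKiller report like the one posted above, added here as an example; it is not part of the original thread and not code from RogueKiller. It collapses the repeated X64/X86 and ControlSet00x copies of each entry into distinct findings, then pulls out the static DNS servers and anything auto-loading from a user profile. The function names are hypothetical and the sample lines are constructed in the report's format with placeholder values.

```python
import ipaddress
import re
from collections import Counter

# Registry entry: [tag] (arch) key | value name : data -> FOUND
REG_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.*?)\s*-> FOUND$"
)
# Scheduled task: [tag] task file -- command line -> FOUND
TASK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<task>.+?) -- (?P<cmd>.+?)\s*-> FOUND$"
)
# ControlSet001/002 are stored copies of CurrentControlSet, so fold them together.
CONTROLSET = re.compile(r"\\ControlSet\d{3}\\", re.IGNORECASE)
# A path inside a user profile's AppData, i.e. writable without admin rights.
USER_PATH = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Constructed sample in the report's format; all values are placeholders.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 192.0.2.10,198.51.100.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 192.0.2.10,198.51.100.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 192.0.2.10,198.51.100.20  -> FOUND
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.example.com  -> FOUND
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.example.com  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_Dlls : C:\Users\user\AppData\Local\Example\example64.dll  -> FOUND
[suspicious.Path] Example Updater.job -- C:\Users\user\AppData\Roaming\EXAMPL~1\UPDATE~1.EXE (/Check) -> FOUND
"""


def parse_report(text):
    """Return one (tag, location, name, data) tuple per FOUND line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            key = CONTROLSET.sub(lambda _: "\\CurrentControlSet\\", m["key"])
            # The architecture is dropped on purpose so X64/X86 views merge.
            entries.append((m["tag"], key, m["name"], m["data"]))
            continue
        m = TASK_LINE.match(line)
        if m:
            entries.append((m["tag"], "Scheduled task", m["task"], m["cmd"]))
    return entries


def distinct_findings(entries):
    """Collapse duplicates; returns [(entry, number_of_report_lines), ...]."""
    return list(Counter(entries).items())


def dns_overrides(entries):
    """Unique, syntactically valid name servers from PUM.Dns entries."""
    servers = set()
    for tag, _key, name, data in entries:
        if tag == "PUM.Dns" and name == "NameServer":
            for part in re.split(r"[,\s]+", data):
                try:
                    servers.add(str(ipaddress.ip_address(part)))
                except ValueError:
                    pass  # empty or malformed value: nothing to report
    return sorted(servers)


def autoloads_from_profile(entries):
    """Names of distinct entries whose target lives under a user's AppData."""
    names = []
    for (_tag, _key, name, data), _hits in distinct_findings(entries):
        if USER_PATH.match(data):
            names.append(name)
    return names


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for (tag, key, name, data), hits in distinct_findings(parsed):
        print(f"{tag:16} x{hits}  {key} | {name} = {data!r}")
    print("Static DNS servers:", dns_overrides(parsed))
    print("Auto-loads from a user profile:", autoloads_from_profile(parsed))
```

Whether a static name server or a home page is unwanted still has to be judged against what the owner configured; the script only reduces the report to the distinct items worth checking.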

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


While using these scanners the problem was fixed and I was able to download Windows 7 updates. Though is there any chance you could tell me what was wrong with it?


 


Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.1 (10.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by r on Tue 10/07/2014 at 22:22:18.13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] netfilter64 

Successfully deleted: [service] netfilter64 

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655185555}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655195513}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666186655}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666196613}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644184455}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644194413}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655185555}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655195513}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666186655}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666196613}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644184455}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194413}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655185555}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655195513}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666186655}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666196613}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644184455}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644194413}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655185555}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655195513}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666186655}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666196613}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644184455}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194413}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\windows\Tasks\APSnotifierPP1.job

Successfully deleted: [File] C:\windows\Tasks\Driver Support-RTMRules.job

Successfully deleted: [File] C:\windows\Tasks\Driver Support-RTMScan.job

Successfully deleted: [File] C:\windows\Tasks\Driver Support-RTMUpdater.job

Successfully deleted: [File] "C:\Users\r\desktop\live pc help.lnk"

Successfully deleted: [File] "C:\windows\wininit.ini"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\ProgramData\BettterPriCEChec

Successfully deleted: [Folder] C:\ProgramData\CliiCkForSaele

Successfully deleted: [Folder] C:\ProgramData\dEal4moE

Successfully deleted: [Folder] C:\ProgramData\DeaulExpResss

Successfully deleted: [Folder] C:\ProgramData\LeuCkyCoupoN

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\ProgramData\driver support"

Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"

Successfully deleted: [Folder] "C:\ProgramData\wincert"

Successfully deleted: [Folder] "C:\Users\r\AppData\Roaming\rocketupdater"

Successfully deleted: [Folder] "C:\Users\r\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\r\appdata\local\genienext"

Successfully deleted: [Folder] "C:\Users\r\appdata\local\mobogenie"

Successfully deleted: [Folder] "C:\Users\r\appdata\local\pc_drivers_headquarters"

Successfully deleted: [Folder] "C:\Users\r\appdata\local\rocket"

Successfully deleted: [Folder] "C:\Users\r\appdata\local\torch"

Successfully deleted: [Folder] "C:\Users\r\appdata\locallow\smartbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\bench"

Successfully deleted: [Folder] "C:\Program Files (x86)\driver support"

Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"

Successfully deleted: [Folder] "C:\Program Files (x86)\netcrawl"

Successfully deleted: [Folder] "C:\Program Files (x86)\pcfixspeed"

Successfully deleted: [Folder] "C:\Program Files (x86)\predm"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver support"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 10/07/2014 at 22:26:07.84

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

____________________________________________________________________________________________________________

 

 


# AdwCleaner v3.311 - Report created 07/10/2014 at 22:47:25

# Updated 30/09/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : r - R-PC

# Running from : C:\Users\r\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622

 

***** [ Files / Folders ] *****

 

[#] Folder Deleted : C:\ProgramData\BitGuard

[#] Folder Deleted : C:\ProgramData\Browser Manager

[#] Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\ProgramData\KiNgCoupeonn

Folder Deleted : C:\ProgramData\QueeenCoupoN

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline

Folder Deleted : C:\Program Files (x86)\globalUpdate

Folder Deleted : C:\Program Files (x86)\iMesh Applications

Folder Deleted : C:\Program Files (x86)\Music Toolbar

Folder Deleted : C:\Program Files (x86)\PCTechHotline

Folder Deleted : C:\Program Files\Quiknowledge

Folder Deleted : C:\Users\r\AppData\Local\Chromatic Browser

Folder Deleted : C:\Users\r\AppData\Local\globalUpdate

[x] Not Deleted : C:\Users\r\AppData\Local\iMesh

[x] Not Deleted : C:\Users\r\AppData\LocalLow\imeshmusicboxtoolbarha

Folder Deleted : C:\Users\r\AppData\roaming\PC Tech Hotline

Folder Deleted : C:\Users\r\AppData\roaming\UpdaterEX

Folder Deleted : C:\Users\r\Documents\Mobogenie

File Deleted : C:\END

File Deleted : C:\Users\r\daemonprocess.txt

File Deleted : C:\Users\r\AppData\roaming\aps.uninstall.scan.results

File Deleted : C:\Users\r\AppData\roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk

File Deleted : C:\Users\r\AppData\roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk

File Deleted : C:\Users\r\Desktop\Sync Folder.lnk

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : Driver Support-RTMRules

Task Deleted : Driver Support-RTMScan

Task Deleted : Driver Support-RTMScanRunOnce

Task Deleted : Driver Support-RTMUpdater

Task Deleted : globalUpdateUpdateTaskMachineCore

Task Deleted : Rocket Updater

Task Deleted : SMupdate1

Task Deleted : SPDriver

Task Deleted : SpeedUpMyPC Maintenance

Task Deleted : SpeedUpMyPC Startup

Task Deleted : UpdaterEX

Task Deleted : Yahoo! Search

Task Deleted : YTDownloader

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Users\r\Desktop\Search.lnk

Shortcut Disinfected : C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery

Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD

Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device

Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file

Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival


Key Deleted : HKCU\Software\APN DTX

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\Imesh

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\RegisteredApplicationsEx

Key Deleted : HKCU\Software\Rocket Browser

Key Deleted : HKCU\Software\RocketUpdater

Key Deleted : HKCU\Software\ShopperPro

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\UpdaterEX

Key Deleted : HKCU\Software\VuuPC

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\SOFTWARE\AdvertisingSupport

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh

Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings 

Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : [x64] HKLM\SOFTWARE\iWebar-nv

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\r\AppData\Local\Linkey\IEEXTE~1\iedll64.dll

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17280

 

 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v35.0.1916.114

 

[ File : C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [19051 octets] - [07/10/2014 22:35:20]

AdwCleaner[s0].txt - [18282 octets] - [07/10/2014 22:47:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [18343 octets] ##########

 


_____________________________________________________________________________________________________________

 

 

 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Protection, 10/8/2014 8:17:43 AM, SYSTEM, R-PC, Protection, Malware Protection, Starting, 

Protection, 10/8/2014 8:17:43 AM, SYSTEM, R-PC, Protection, Malware Protection, Started, 

Protection, 10/8/2014 8:17:43 AM, SYSTEM, R-PC, Protection, Malicious Website Protection, Starting, 

Protection, 10/8/2014 8:17:46 AM, SYSTEM, R-PC, Protection, Malicious Website Protection, Started, 

Protection, 10/8/2014 8:32:22 AM, SYSTEM, R-PC, Protection, Malware Protection, Stopping, 

Protection, 10/8/2014 8:32:24 AM, SYSTEM, R-PC, Protection, Malware Protection, Stopped, 

Protection, 10/8/2014 8:33:08 AM, SYSTEM, R-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 10/8/2014 8:33:08 AM, SYSTEM, R-PC, Protection, Malicious Website Protection, Stopped, 

Update, 10/8/2014 8:59:59 AM, SYSTEM, R-PC, Scheduler, Malware Database, 2014.10.7.16, 2014.10.8.3, 

Protection, 10/8/2014 8:59:59 AM, SYSTEM, R-PC, Protection, Refresh, Starting, 

Protection, 10/8/2014 9:01:38 AM, SYSTEM, R-PC, Protection, Refresh, Success, 

Update, 10/8/2014 9:50:07 AM, SYSTEM, R-PC, Scheduler, Malware Database, 2014.10.8.3, 2014.10.8.4, 

Protection, 10/8/2014 9:50:08 AM, SYSTEM, R-PC, Protection, Refresh, Starting, 

Protection, 10/8/2014 9:50:15 AM, SYSTEM, R-PC, Protection, Refresh, Success, 

Update, 10/8/2014 11:54:03 AM, SYSTEM, R-PC, Scheduler, Malware Database, 2014.10.8.4, 2014.10.8.5, 

Protection, 10/8/2014 11:54:06 AM, SYSTEM, R-PC, Protection, Refresh, Starting, 

Protection, 10/8/2014 11:56:04 AM, SYSTEM, R-PC, Protection, Refresh, Success, 

Protection, 10/8/2014 12:41:29 PM, SYSTEM, R-PC, Protection, Malware Protection, Starting, 

Protection, 10/8/2014 12:41:29 PM, SYSTEM, R-PC, Protection, Malware Protection, Started, 

Protection, 10/8/2014 12:41:33 PM, SYSTEM, R-PC, Protection, Malicious Website Protection, Starting, 

Protection, 10/8/2014 12:41:33 PM, SYSTEM, R-PC, Protection, Malicious Website Protection, Started, 

 

(end)


 


 


_____________________________________________________________________________________________________________


 


ESET Log


 


C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\iMesh\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\iMesh Applications\iMesh\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.L potentially unwanted application

C:\Users\r\.frostwire5\updates\frostwire-5.7.6.windows.coc.premium.exe a variant of Win32/OpenCandy.A potentially unsafe application

C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/DomaIQ.BK potentially unwanted application

C:\Users\r\AppData\Local\Temp\4160858.Uninstall\uninstaller.exe Win32/InstallCore.PC potentially unwanted application

C:\Windows\Installer\89989.msi a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\Windows\Installer\bfde2.msi a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Windows\Installer\MSI74E3.tmp-\Smartbar.Resources.LanguageSettings.resources.dll a variant of MSIL/Toolbar.Linkury.E potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\spbl.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\srbs.dll a variant of MSIL/Toolbar.Linkury.C potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application

C:\Windows\Installer\MSI74E3.tmp-\srptc.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-PLT2-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsaFBB0.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-PLT2-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsaFBB0.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application

FRST Log


 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01

Ran by r (administrator) on R-PC on 08-10-2014 12:32:38

Running from C:\Users\r\Downloads

Loaded Profile: r (Available profiles: r)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\windows\system32\osk.exe [692736 2014-06-17] (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - {1180B0F9-3A46-47D8-BE5A-ACD69E72FF60} URL = http://www.google.co...ng}&rlz=1I7TSNO

SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM-x32 - No Name - {0307351f-b2d7-41f2-b44a-8af7d9d90a18} -  No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.99.1

Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186

Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186

Tcpip\..\Interfaces\{CF9E2BA5-5AA3-4360-8A7E-74A06830D9FC}: [NameServer] 75.126.206.18,184.173.169.186

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\r\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\r\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: iMeshPlugin -> C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()

CHR Plugin: (Norton Confidential) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File

CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

CHR Profile: C:\Users\r\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]

CHR Extension: (Google Wallet) - C:\Users\r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-08] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-08 12:32 - 2014-10-08 12:32 - 00014594 _____ () C:\Users\r\Downloads\FRST.txt

2014-10-08 12:30 - 2014-10-08 12:30 - 02109952 _____ (Farbar) C:\Users\r\Downloads\FRST64.exe

2014-10-08 12:29 - 2014-10-08 12:29 - 00002520 _____ () C:\Users\r\Desktop\ESET.txt

2014-10-08 08:59 - 2014-10-08 09:00 - 00000000 ____D () C:\Users\r\Downloads\Download Setups

2014-10-07 23:25 - 2014-10-07 23:25 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-10-07 23:20 - 2014-10-07 23:22 - 02347384 _____ (ESET) C:\Users\r\Desktop\esetsmartinstaller_enu.exe

2014-10-07 23:02 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2014-10-07 23:02 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

2014-10-07 23:01 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2014-10-07 23:01 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll

2014-10-07 22:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll

2014-10-07 22:34 - 2014-10-07 22:47 - 00000000 ____D () C:\AdwCleaner

2014-10-07 22:33 - 2014-10-07 22:34 - 01375089 _____ () C:\Users\r\Desktop\AdwCleaner.exe

2014-10-07 22:26 - 2014-10-07 22:26 - 00007700 _____ () C:\Users\r\Desktop\JRT.txt

2014-10-07 22:22 - 2014-10-07 22:22 - 00000000 ____D () C:\windows\ERUNT

2014-10-07 22:20 - 2014-10-07 22:20 - 01705141 _____ (Thisisu) C:\Users\r\Desktop\JRT.exe

2014-10-07 09:25 - 2014-10-07 09:25 - 00000320 _____ () C:\windows\Tasks\0914avUpdateInfo.job

2014-10-07 09:25 - 2014-10-07 09:25 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av

2014-10-07 09:11 - 2014-10-07 09:11 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys

2014-10-07 09:11 - 2014-10-07 09:11 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-10-07 08:46 - 2014-10-07 08:46 - 05491800 _____ () C:\Users\r\Desktop\RogueKillerX64.exe

2014-10-07 08:41 - 2014-10-07 08:41 - 00000000 ____D () C:\windows\ERDNT

2014-10-07 08:40 - 2014-10-07 08:40 - 00000939 _____ () C:\Users\r\Desktop\NTREGOPT.lnk

2014-10-07 08:40 - 2014-10-07 08:40 - 00000920 _____ () C:\Users\r\Desktop\ERUNT.lnk

2014-10-07 08:40 - 2014-10-07 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-10-07 08:40 - 2014-10-07 08:40 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-10-07 08:37 - 2014-10-07 08:37 - 00791393 _____ (Lars Hederer ) C:\Users\r\Desktop\erunt-setup.exe

2014-10-07 08:34 - 2014-10-07 08:35 - 00002860 _____ () C:\Users\r\Desktop\Rkill.txt

2014-10-07 08:34 - 2014-10-07 08:34 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\r\Desktop\iExplore.exe

2014-10-03 10:11 - 2014-10-03 10:14 - 00041402 _____ () C:\Users\r\Downloads\Addition.txt

2014-10-03 10:07 - 2014-10-08 12:32 - 00000000 ____D () C:\FRST

2014-10-03 09:37 - 2014-10-03 09:37 - 00000000 ____D () C:\Users\r\AppData\Roaming\TuneUp Software

2014-10-03 09:37 - 2014-10-03 09:37 - 00000000 ____D () C:\Users\r\AppData\Roaming\AVG2015

2014-10-03 09:37 - 2014-10-03 09:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-10-03 09:36 - 2014-10-03 09:37 - 00000000 ____D () C:\ProgramData\AVG2015

2014-10-03 09:36 - 2014-10-03 09:36 - 00000000 ___HD () C:\$AVG

2014-10-03 09:33 - 2014-10-08 08:17 - 00000000 ____D () C:\ProgramData\MFAData

2014-10-03 09:33 - 2014-10-03 09:40 - 00000000 ____D () C:\Users\r\AppData\Local\Avg2015

2014-10-03 09:33 - 2014-10-03 09:33 - 00000000 ____D () C:\Users\r\AppData\Local\MFAData

2014-10-03 09:27 - 2014-10-07 08:24 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-10-03 09:27 - 2014-10-07 08:23 - 00000000 ____D () C:\ProgramData\Avg

2014-10-03 09:26 - 2014-10-07 08:23 - 00000000 ____D () C:\Users\r\AppData\Local\AvgSetupLog

2014-10-03 09:26 - 2014-10-03 09:26 - 00000000 ____D () C:\Users\r\AppData\Local\Avg

2014-10-03 09:05 - 2014-10-03 09:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-10-03 09:05 - 2014-10-03 09:05 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-10-03 09:04 - 2014-10-03 09:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-10-03 09:04 - 2014-10-03 09:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-10-03 09:04 - 2014-10-03 09:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2014-10-03 09:00 - 2014-10-03 09:00 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-03 09:00 - 2014-10-03 09:00 - 00000884 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfdf09f2fa8a24.job

2014-10-03 09:00 - 2014-10-03 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-03 08:59 - 2014-10-08 12:28 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-10-03 08:59 - 2014-10-03 08:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-10-03 08:59 - 2014-10-03 08:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-03 08:50 - 2014-10-03 08:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-10-03 08:49 - 2014-10-03 08:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-10-03 08:49 - 2014-10-03 08:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-10-03 08:49 - 2014-10-03 08:49 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-10-02 10:59 - 2014-10-08 11:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-02 10:58 - 2014-10-02 10:58 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-02 10:58 - 2014-10-02 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-02 10:58 - 2014-10-02 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-02 10:58 - 2014-10-02 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-02 10:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-10-02 10:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-10-02 10:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-10-02 10:31 - 2014-10-08 09:47 - 00279220 _____ () C:\windows\WindowsUpdate.log

2014-10-02 10:28 - 2014-10-08 08:12 - 00001232 _____ () C:\windows\setupact.log

2014-10-02 10:28 - 2014-10-07 22:50 - 01045134 _____ () C:\windows\PFRO.log

2014-10-02 10:28 - 2014-10-02 10:28 - 00000000 _____ () C:\windows\setuperr.log

2014-10-02 10:08 - 2014-10-02 10:26 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-10-02 10:08 - 2014-10-02 10:26 - 00000000 ____D () C:\Program Files\CCleaner

2014-10-02 10:08 - 2014-10-02 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-10-02 08:47 - 2014-10-02 08:48 - 00000000 ____D () C:\Users\r\Desktop\DCIC_Disk

2014-10-02 08:47 - 2002-01-21 19:30 - 02060895 _____ (Macromedia, Inc.) C:\Users\r\Desktop\DCTBCD.exe

2014-10-02 08:26 - 2014-10-02 08:29 - 00000000 ____D () C:\windows\pss

2014-10-02 08:12 - 2014-10-02 08:12 - 00000000 ____D () C:\ProgramData\27133

2014-10-02 00:09 - 2014-10-02 00:09 - 00002896 _____ () C:\{D51F4907-7D56-4EF3-BAD8-C64882225970}

2014-09-12 18:13 - 2014-09-12 18:13 - 00003792 _____ () C:\{9D242C50-3496-4B7C-900D-18425D5042CF}

2014-09-12 16:53 - 2014-10-02 08:17 - 00000358 _____ () C:\TMachInfo.log

2014-09-10 23:21 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-09-10 23:21 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-09-10 23:21 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-09-10 23:21 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-09-10 23:21 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2014-09-10 23:21 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-09-10 23:21 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-09-10 23:21 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-09-10 23:21 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2014-09-10 23:21 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-09-10 23:21 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2014-09-10 23:21 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2014-09-10 23:21 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-09-10 23:21 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-09-10 23:21 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-09-10 23:21 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-09-10 23:21 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2014-09-10 23:21 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2014-09-10 23:21 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2014-09-10 23:21 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-09-10 23:21 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2014-09-10 23:21 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-09-10 23:21 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2014-09-10 23:21 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 23:21 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-09-10 23:21 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll

2014-09-10 23:21 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll

2014-09-10 23:21 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-09-10 23:21 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-09-10 23:21 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-09-10 23:21 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-09-10 23:21 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-09-10 23:21 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-09-10 23:21 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-09-10 23:21 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

2014-09-10 23:21 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll

2014-09-10 23:21 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-09-10 23:21 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-09-10 23:21 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-09-10 23:21 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-09-10 23:21 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2014-09-10 23:21 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 23:21 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-09-10 23:21 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-09-10 23:21 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-09-10 23:21 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-09-10 23:21 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-09-10 23:21 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-09-10 23:21 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-09-10 23:21 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-09-10 23:21 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll

2014-09-10 23:21 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-09-10 23:21 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-09-10 23:21 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-09-10 23:21 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2014-09-10 23:21 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2014-09-10 23:03 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2014-09-10 23:03 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 23:00 - 2014-09-10 23:00 - 00003062 _____ () C:\windows\System32\Tasks\{E5EB66C9-1BD6-4891-A659-DA5BD4343873}

2014-09-10 22:14 - 2014-09-10 22:14 - 00000000 ____D () C:\Program Files (x86)\BettterPriCEChec

2014-09-10 22:11 - 2014-09-10 22:11 - 00003504 _____ () C:\windows\System32\Tasks\iolo System Checkup

2014-09-10 22:10 - 2014-10-02 10:41 - 00000000 ____D () C:\ProgramData\iolo

2014-09-10 22:10 - 2014-09-10 22:10 - 00074703 _____ () C:\windows\SysWOW64\mfc45.dat

2014-09-10 22:10 - 2014-09-10 22:10 - 00000000 ____D () C:\Program Files (x86)\iolo

2014-09-10 17:39 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2014-09-10 17:39 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll

2014-09-10 17:39 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2014-09-10 17:39 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll

2014-09-10 17:36 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-09-10 17:36 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-09-10 17:36 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-09-10 17:36 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-09-10 17:36 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-09-10 17:35 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-09-10 17:35 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-09-10 14:18 - 2014-09-10 14:18 - 00000000 ____D () C:\Users\r\AppData\Roaming\RHEng

2014-09-08 20:34 - 2014-09-10 14:08 - 00000000 ____D () C:\Users\r\Documents\ProPCCleaner

2014-09-08 20:34 - 2014-09-10 14:04 - 00003444 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup

2014-09-08 20:34 - 2014-09-08 20:34 - 00003180 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start

2014-09-08 20:34 - 2014-09-08 20:34 - 00000000 ____D () C:\Users\r\AppData\Local\Pro_PC_Cleaner

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-08 12:01 - 2013-10-06 19:36 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-08 11:56 - 2013-12-22 03:51 - 00000912 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2636616572-4191175807-3233835049-1000UA.job

2014-10-08 08:20 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-08 08:20 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-08 08:12 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-10-07 22:47 - 2014-08-31 15:06 - 00001115 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2014-10-07 22:47 - 2014-08-31 15:06 - 00001085 _____ () C:\Users\r\Desktop\Search.lnk

2014-10-07 22:47 - 2013-10-06 20:04 - 00000000 ____D () C:\Users\r

2014-10-07 22:16 - 2009-07-14 01:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT

2014-10-07 21:41 - 2013-10-06 22:15 - 00000024 _____ () C:\Users\r\random.dat

2014-10-07 21:12 - 2013-10-06 22:14 - 00000024 _____ () C:\Users\r\jagexappletviewer.preferences

2014-10-07 20:18 - 2013-10-06 22:15 - 00000040 _____ () C:\Users\r\jagex_cl_runescape_LIVE.dat

2014-10-07 09:24 - 2014-01-17 21:10 - 00000000 ____D () C:\Users\r\AppData\Local\CrashDumps

2014-10-04 19:32 - 2014-01-26 16:36 - 00000041 _____ () C:\Users\r\jagex_cl_runescape_LIVE1.dat

2014-10-04 19:25 - 2014-08-09 01:13 - 00000000 ____D () C:\Users\r\.frostwire5

2014-10-04 19:08 - 2009-07-14 01:13 - 00798818 _____ () C:\windows\system32\PerfStringBackup.INI

2014-10-03 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF

2014-10-03 09:31 - 2011-08-07 22:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-10-03 09:04 - 2013-10-06 20:09 - 00000000 ____D () C:\Users\r\AppData\Roaming\Adobe

2014-10-03 09:02 - 2014-09-02 23:15 - 00000000 ____D () C:\Users\r\AppData\Local\Adobe

2014-10-03 09:00 - 2013-10-06 19:36 - 00000000 ____D () C:\Program Files (x86)\Google

2014-10-03 08:50 - 2014-06-18 01:26 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-03 08:49 - 2011-08-07 22:01 - 00000000 ____D () C:\Program Files (x86)\Java

2014-10-02 12:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PLA

2014-10-02 10:40 - 2014-03-18 03:38 - 00000000 ____D () C:\ProgramData\9a8f3647aa486d14

2014-10-02 10:34 - 2013-10-06 19:40 - 00000000 ____D () C:\ProgramData\Norton

2014-10-02 10:11 - 2014-08-08 20:04 - 00000000 ____D () C:\Users\r\AppData\Roaming\BitTorrent

2014-10-02 10:10 - 2011-08-08 14:16 - 00000000 ____D () C:\windows\Panther

2014-10-02 09:44 - 2013-10-06 19:36 - 00000000 ____D () C:\Program Files\Google

2014-10-02 09:37 - 2013-10-06 20:06 - 00001428 _____ () C:\Users\r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-10-02 09:25 - 2013-10-06 20:07 - 00000000 ____D () C:\Users\r\AppData\Local\Google

2014-10-02 08:43 - 2014-09-07 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-10-02 08:39 - 2014-05-18 00:56 - 00000000 __SHD () C:\Users\r\AppData\Local\EmieSiteList

2014-10-02 08:12 - 2013-10-07 21:39 - 00000000 ____D () C:\Users\r\AppData\Roaming\Skype

2014-10-02 08:09 - 2014-08-16 14:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-10-01 22:49 - 2009-07-13 23:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy

2014-10-01 22:49 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy

2014-10-01 20:46 - 2009-07-13 22:34 - 00000505 _____ () C:\windows\win.ini

2014-09-12 16:46 - 2014-08-09 01:13 - 00000000 ____D () C:\Program Files\005

2014-09-10 23:17 - 2014-06-27 13:18 - 00000276 _____ () C:\windows\Tasks\Rocket Updater.job

2014-09-10 23:17 - 2014-01-29 07:03 - 00791064 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2014-09-10 23:14 - 2014-02-02 17:51 - 00000000 ____D () C:\windows\system32\MRT

2014-09-10 23:06 - 2014-02-02 17:51 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-09-10 23:03 - 2014-05-17 07:42 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-09-10 22:49 - 2014-06-27 13:28 - 00000276 _____ () C:\windows\Tasks\UpdaterEX.job

2014-09-10 15:28 - 2014-01-13 13:53 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-09-08 17:43 - 2013-12-22 03:51 - 00000890 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2636616572-4191175807-3233835049-1000Core.job

 

Files to move or delete:

====================

C:\Users\r\jagex_cl_oldschool_LIVE.dat

C:\Users\r\jagex_cl_runescape_LIVE.dat

C:\Users\r\jagex_cl_runescape_LIVE1.dat

C:\Users\r\jagex_cl_runescape_LIVE_BETA.dat

C:\Users\r\random.dat

 

 

Some content of TEMP:

====================

C:\Users\r\AppData\Local\Temp\Quarantine.exe

C:\Users\r\AppData\Local\Temp\tu17p84.exe

C:\Users\r\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_14484.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-02 23:43

 

==================== End Of Log ============================

  • Root Admin

Just a bunch of junk files and redirect stuff that was probably preventing the Windows updates from working.

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
