
Hijack.SearchBar and adwcleaner



After running a Malwarebytes (free edition) scan on my Windows Vista desktop, a piece of malware named "Hijack.SearchBar" was discovered along with 6 PUPs. I did a little research and found that the file is likely adware slowing down the computer (probably downloaded secretly along with some other download). During my research, I found that I should run adwcleaner first. Is this correct?

 

Well, I ran adwcleaner's scan after downloading it and found many files marked for deletion, and adwcleaner instructed me to uncheck any files I didn't wish to delete. I know a bit about computers, but I wouldn't consider myself "computer savvy." Thus, I wanted to know if adwcleaner will accidentally delete any important or critical files. Will it delete any files that I want? I only ask because some files/folders in the "C:\" directory were marked for deletion which seemed important (e.g. "C:\reboot.exe").

 

P.S. Sorry if all of this sounds stupid. As I mentioned, I don't have a ton of computer knowledge.


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.


 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.
 


Hello Marius,

 

Thank you for looking into my problem. I've been a bit busy, so I'm sorry I haven't replied until now. I'm about to run through the list of things to do which you sent me, but I wanted to let you know this before I do so that you won't close the thread due to inactivity.

 

~Thomas


Below are the logfiles from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by Buonanno (administrator) on BUONANNO-PC on 12-11-2014 16:55:13
Running from C:\Users\Buonanno\Downloads
Loaded Profile: Buonanno (Available profiles: Buonanno & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
(InternetSafety.com, Inc.) C:\Program Files\Internet Content Filter\UpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(InternetSafety.com, Inc.) C:\Program Files\Internet Content Filter\UpdateService.exe
(Oracle Corporation) C:\Windows\System32\java.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(InternetSafety.com, Inc.) C:\Program Files\Internet Content Filter\SafeEyes.exe
(brother) C:\Program Files\Brownie\BrStsWnd.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SanDisk Corporation) C:\Users\Buonanno\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Facebook Inc.) C:\Users\Buonanno\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(brother) C:\Program Files\Brownie\brpjp04a.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
(McAfee, Inc.) C:\Program Files\Internet Content Filter\mfeicfcore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iCF] => C:\Program Files\Internet Content Filter\SafeEyes.exe [3367384 2014-03-04] (InternetSafety.com, Inc.)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [brStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-06-11] (brother)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-01] ()
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] => sttray.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Run: [sansaDispatch] => C:\Users\Buonanno\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-04-12] (SanDisk Corporation)
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Run: [Google Update] => C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Run: [Facebook Update] => C:\Users\Buonanno\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-11-04] (Facebook Inc.)
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\MountPoints2: {00108547-74b4-11dd-868e-001aa04077a6} - K:\InstallTomTomHOME.exe
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\MountPoints2: {6029529c-8220-11e0-8d2f-001aa04077a6} - L:\LaunchU3.exe -a
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\MountPoints2: {7a0caf28-e360-11dd-841e-001aa04077a6} - K:\LaunchU3.exe -a
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\...\MountPoints2: {e2d90dda-c2dc-11dd-8954-001aa04077a6} - L:\LaunchU3.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id%language
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://ptd.net/tiki-index.php
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.enter.net/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www2.enter.net/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
SearchScopes: HKCU - {329DF456-2B9A-1254-3222-23D6BB4C8442} URL = http://ics.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-441-0-<html><head> <title>This Website Is Blocked</title> <link rel="stylesheet" title="normal" type="text/css" href="css/60.css" media="all" /> <script lanuage="JavaScript"> function toggleCategories() { var elem = document.getElementById('categorypane'); var link = document.getElementById('categorylink'); if (elem.style.display == 'block') { elem.style.display = 'none'; link.innerHTML = 'Show Categories'; } else { elem.style.display = 'block'; link.innerHTML = 'Hide Categories'; } } </script></head><body> <div class="container"> <div class="header"> <div class="logo"> <img src="/images/60/logo.jpg"> </div> <div class="headermessage"> SITE BLOCKED </div> </div> <div class="underline"> <img src="/images/60/underline.jpg"> </div> <div class="messagecontainer"> <div class="reasonlabel"> The website was blocked because: </div> <div class="reasontext"> The website is
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787
SearchScopes: HKCU - {F756994E-FC37-29D0-B6B3-004938757426} URL = http://ham.asksearch.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-396-0-<html><head> <title>This Website Is Blocked</title> <link rel="stylesheet" title="normal" type="text/css" href="css/60.css" media="all" /> <script lanuage="JavaScript"> function toggleCategories() { var elem = document.getElementById('categorypane'); var link = document.getElementById('categorylink'); if (elem.style.display == 'block') { elem.style.display = 'none'; link.innerHTML = 'Show Categories'; } else { elem.style.display = 'block'; link.innerHTML = 'Hide Categories'; } } </script></head><body> <div class="container"> <div class="header"> <div class="logo"> <img src="/images/60/logo.jpg"> </div> <div class="headermessage"> SITE BLOCKED </div> </div> <div class="underline"> <img src="/images/60/underline.jpg"> </div> <div class="messagecontainer"> <div class="reasonlabel"> The website was blocked because: </div> <div class="reasontext"> The website is
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG10\avgssie.dll No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 204.186.110.76 204.186.80.251 216.144.187.199
Tcpip\..\Interfaces\{3B2D2E3E-B1A4-4C9D-B883-339FC432C7BC}: [NameServer] 8.26.56.26,156.154.70.22
 
FireFox:
========
FF ProfilePath: C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wolfram.com/Mathematica -> C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Buonanno\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Buonanno\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default\searchplugins\ask.uk.xml
FF Extension: Diccionario en Español para Venezuela - C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2012-11-30]
FF Extension: Move Media Player - C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default\Extensions\moveplayer@movenetworks.com [2009-03-27]
FF Extension: ColorfulTabs - C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-02-27]
FF Extension: Unshorten.It! - C:\Users\Buonanno\AppData\Roaming\Mozilla\Firefox\Profiles\fv5h75tv.default\Extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi [2012-11-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-22]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-11-04] (McAfee, Inc.)
R2 mfeicfcore; C:\Program Files\Internet Content Filter\mfeicfcore.exe [2056736 2014-03-04] (McAfee, Inc.)
R2 mfeicfupdate; C:\Program Files\Internet Content Filter\UpdateService.exe [1696736 2014-03-04] (InternetSafety.com, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-11-04] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 seUpdateSvc; C:\Program Files\Internet Content Filter\UpdateService.exe [1696736 2014-03-04] (InternetSafety.com, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 avgwd; "C:\Program Files\AVG\AVG10\avgwdsvc.exe" [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-04] (AVG Technologies CZ, s.r.o.)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-02-25] (Symantec Corporation)
R2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.) [File not signed]
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider) [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236000 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [365416 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [572528 2013-11-04] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [213392 2013-11-04] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 netr73; C:\Windows\System32\DRIVERS\WUSB54GCx86.sys [256000 2007-03-12] (Ralink Technology Inc.)
S3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2010-11-08] (VSO Software) [File not signed]
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-19] (Microsoft Corporation)
S3 appliandMP; system32\DRIVERS\appliand.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:55 - 2014-11-12 16:56 - 00024666 _____ () C:\Users\Buonanno\Downloads\FRST.txt
2014-11-12 16:54 - 2014-11-12 16:55 - 00000000 ____D () C:\FRST
2014-11-12 16:53 - 2014-11-12 16:53 - 01107968 _____ (Farbar) C:\Users\Buonanno\Downloads\FRST.exe
2014-11-11 22:27 - 2014-11-11 22:27 - 00026112 _____ () C:\Users\Buonanno\Downloads\Abigail Zettlemoyer.xls
2014-11-11 22:24 - 2014-11-11 22:24 - 00026112 _____ () C:\Users\Buonanno\Downloads\Rebekah Waterman.xls
2014-11-11 22:20 - 2014-11-11 22:20 - 00026112 _____ () C:\Users\Buonanno\Downloads\Abigail Suarez.xls
2014-11-11 22:15 - 2014-11-11 22:15 - 00026112 _____ () C:\Users\Buonanno\Downloads\John Sampsell.xls
2014-11-11 22:12 - 2014-11-11 22:12 - 00026112 _____ () C:\Users\Buonanno\Downloads\Abigail MacDonald.xls
2014-11-11 22:09 - 2014-11-11 22:09 - 00024576 _____ () C:\Users\Buonanno\Downloads\Report Card Elizabeth Buonanno.xls
2014-11-11 22:07 - 2014-11-11 22:07 - 00026112 _____ () C:\Users\Buonanno\Downloads\Michael Hard.xls
2014-11-11 22:03 - 2014-11-11 22:03 - 00026112 _____ () C:\Users\Buonanno\Downloads\Katie Hard.xls
2014-11-11 21:58 - 2014-11-11 21:58 - 00026112 _____ () C:\Users\Buonanno\Downloads\Jacob Diem.xls
2014-11-11 19:07 - 2014-11-11 19:07 - 00000084 _____ () C:\Users\Buonanno\Desktop\Playground.url
2014-11-11 19:07 - 2014-11-11 19:07 - 00000050 _____ () C:\Users\Buonanno\Desktop\Desert Dive.url
2014-11-10 21:53 - 2014-11-10 21:55 - 00000000 ____D () C:\Users\Buonanno\Downloads\Physical Science 2014-15.Report Cards
2014-11-10 17:55 - 2014-11-10 17:55 - 00025088 _____ () C:\Users\Buonanno\Downloads\Report Card Template 1415.xls
2014-11-08 19:55 - 2014-11-08 19:59 - 00000000 ____D () C:\AdwCleaner
2014-11-08 19:55 - 2014-11-08 19:55 - 02145792 _____ () C:\Users\Buonanno\Downloads\adwcleaner_4.100.exe
2014-11-08 19:00 - 2014-11-08 19:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 19:00 - 2014-11-08 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 18:59 - 2014-11-08 18:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-08 18:59 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 18:59 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 03:04 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 03:04 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 03:04 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:58 - 2014-09-27 18:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:04 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 02:00 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 22:56 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 22:56 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 22:56 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 22:56 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 22:56 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 22:56 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 22:56 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 22:56 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 22:56 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 22:56 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 22:56 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 22:56 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 22:56 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 22:56 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 22:56 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 22:56 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 22:56 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 22:56 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 22:56 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 22:56 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 22:56 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:52 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:52 - 2006-11-02 07:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 16:42 - 2007-05-14 13:40 - 01687207 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 16:37 - 2012-04-05 15:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 16:22 - 2013-10-12 08:24 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000UA.job
2014-11-12 16:22 - 2013-10-07 19:48 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 10:31 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-11-12 09:01 - 2013-10-07 19:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 21:08 - 2013-10-12 08:24 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000Core.job
2014-11-10 22:01 - 2007-12-30 20:38 - 00000000 ____D () C:\Users\Buonanno\Documents\Dad
2014-11-10 18:13 - 2007-12-30 20:30 - 00000000 ____D () C:\Users\Buonanno\AppData\Roaming\Mozilla
2014-11-10 17:28 - 2010-04-12 09:38 - 00000322 _____ () C:\Windows\Brownie.ini
2014-11-10 17:23 - 2013-08-19 06:59 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 17:23 - 2007-12-31 18:49 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-10 17:22 - 2007-05-14 14:24 - 00595012 _____ () C:\Windows\PFRO.log
2014-11-09 23:50 - 2013-08-19 06:59 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-09 15:11 - 2011-06-21 22:01 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-08 19:00 - 2013-04-11 09:38 - 00000000 ____D () C:\Users\Buonanno\AppData\Roaming\Malwarebytes
2014-11-08 18:59 - 2013-04-11 09:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 18:59 - 2013-04-11 09:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-04 12:28 - 2010-04-12 09:41 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-11-04 12:13 - 2011-10-27 22:22 - 00073728 _____ () C:\Users\Buonanno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 06:24 - 2009-10-03 01:06 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-16 03:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 03:23 - 2006-11-02 07:47 - 00290056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:04 - 2007-05-14 14:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:56 - 2013-08-15 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:04 - 2006-11-02 05:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Some content of TEMP:
====================
C:\Users\Buonanno\AppData\Local\Temp\sqlite3.dll
C:\Users\Buonanno\AppData\Local\Temp\_is3836.exe
C:\Users\Buonanno\AppData\Local\Temp\_is5CB3.exe
C:\Users\Buonanno\AppData\Local\Temp\_is7231.exe
C:\Users\Buonanno\AppData\Local\Temp\_isA606.exe
C:\Users\Buonanno\AppData\Local\Temp\_isC1FE.exe
C:\Users\Buonanno\AppData\Local\Temp\_isCB41.exe
C:\Users\Buonanno\AppData\Local\Temp\_isD108.exe
C:\Users\Buonanno\AppData\Local\Temp\_isD83C.exe
C:\Users\Buonanno\AppData\Local\Temp\_isE78.exe
C:\Users\Buonanno\AppData\Local\Temp\_isFC0A.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-10 17:32
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by Buonanno at 2014-11-12 16:58:07
Running from C:\Users\Buonanno\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )
µTorrent (HKLM\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
926plv32 (HKLM\...\{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}) (Version: 1.0.0 - Dell)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 7.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A71000000002}) (Version: 7.1.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adventures in Typing (HKLM\...\Adventures in Typing) (Version:  - )
Amazon MP3 Downloader 1.0.12 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AT&T WorldNet Setup (HKLM\...\AT&T WorldNet Software) (Version:  - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVG 2011 (Version: 10.0.1375 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1382 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1411 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1415 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1424 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1435 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Braid (HKLM\...\Steam App 26800) (Version:  - Number None, Inc.)
Brother HL-2170W (HKLM\...\{C1B2C599-CC82-481B-AA96-DDC1DA6D834B}) (Version: 1.00 - Brother)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CrazyFrogSaver1 (HKLM\...\CrazyFrogSaver1) (Version:  - )
CrazyFrogSaver3 (HKLM\...\CrazyFrogSaver3) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version:  - Piriform)
Dell PC Fax (HKLM\...\Dell PC Fax) (Version:  - )
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.20 - BVRP Software, Inc)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Drivers Install For Linksys Easylink Advisor (Version: 2.0.9 - Gteko Ltd.) Hidden
EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 3.22 - Philipp Winterberg)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
Half-Life® 2 (HKLM\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version:  - Gearbox)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version:  - Gearbox)
Higher Score on the ACT (HKLM\...\Higher Score on the ACT_is1) (Version:  - Kaplan)
Higher Score on the SAT/PSAT (HKLM\...\Higher Score on the SAT/PSAT_is1) (Version:  - Kaplan)
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
JumpStart Math for First Graders v1.3 (HKLM\...\JS1GM_1.3) (Version:  - )
JumpStart Math for Second Graders v1.3 (HKLM\...\JS2GM_1.3) (Version:  - )
JumpStart Reading for Kindergartners v1.2 (HKLM\...\JSKR_1.2) (Version:  - )
Kaplan Essential Review- Biology & Chemistry (HKLM\...\{C77A1356-1654-4340-BA5B-A21ED3289B2E}) (Version:  - )
Kid Pix (HKLM\...\Kid Pix) (Version:  - )
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC (HKLM\...\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Linksys EasyLink Advisor (HKLM\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Lone Survivor (HKLM\...\Steam App 209830) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mathematica Extras 8.0 (2609412) (HKLM\...\A-WIN-Extras 8.0.4 2609412_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Micromega Software System EasyScan (HKLM\...\Micromega Software EasyScan) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Small Basic v0.9 (HKLM\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 0.9.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Myst for Windows 95 (HKLM\...\Myst for Windows 95) (Version:  - )
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
Notepad++ (HKLM\...\Notepad++) (Version: 5.8.2 - )
NVIDIA 3D Vision Controller Driver 270.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 270.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS Master 2 (HKLM\...\{13453DAA-8424-4B9C-844F-FC44C621F9E3}) (Version: 1.0.4 - OLYMPUS IMAGING CORP.)
OLYMPUS Studio 2 (HKLM\...\{65476290-A39F-4B5A-8C8C-6CDA424274DA}) (Version: 1.0.0 - OLYMPUS IMAGING CORP.)
Oregon Trail II (HKLM\...\Oregon Trail II) (Version:  - )
Pencil-Pal Preschool (HKLM\...\Pencil-Pal Preschool) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
Putt-Putt Travels Through Time (HKLM\...\Putt-Putt Travels Through Time) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
Reader Rabbit's Kindergarten (HKLM\...\RRK32.exe) (Version:  - )
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Safe Eyes (HKLM\...\{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}) (Version: 6.2.119.1 - McAfee, Inc.)
Sansa Media Converter (HKLM\...\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}) (Version:  - ArcSoft)
Schoolhouse Rock Thinking Games (HKLM\...\SHRThinkingGames) (Version:  - )
Schoolhouse Rock: Grammar Rock (HKLM\...\GrammarRock) (Version:  - )
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Snapshots (HKLM\...\Snapshots) (Version:  - )
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
STARBRIGHT Asthma (HKLM\...\StBrightDKey) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
Terrapin Logo (remove only) (HKLM\...\Terrapin Logo) (Version:  - )
TomTom HOME 2.8.3.2499 (HKLM\...\TomTom HOME) (Version: 2.8.3.2499 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Typing Tutor 10 (HKLM\...\Typing Tutor 10) (Version:  - )
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Uninstall Dual Mode Camera (88379) (HKLM\...\88379_2009_0702_1736_is1) (Version:  - )
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam  (12/28/2006 1.0.0.0) (HKLM\...\1A6754C019F3AE544C346226BB63AC9BC7DACCDE) (Version: 12/28/2006 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
YouTube Download Manager Pro 6.1.05 (HKLM\...\YouTube Download Manager Pro_is1) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Buonanno\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\ProgramData\Macrovision\FLEXnet Connect\11\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\ProgramData\Macrovision\FLEXnet Connect\11\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Buonanno\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Program Files\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-828822740-2985692733-3881268604-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Buonanno\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
12-11-2014 14:30:46 Scheduled Checkpoint
12-11-2014 21:34:58 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {025714E5-BD8C-4732-8C61-9ABB4EAF9216} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000Core => C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {0E9A8750-8C96-4290-B525-1F223ABE9265} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {217CDEC8-6530-4619-859C-CA286FD5F793} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Buonanno => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {359BD18B-F2DA-4465-BC6C-4909A491A35F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {371E8D26-3C25-437A-BA39-CD362C126A8E} - \RealUpgradeLogonTaskS-1-5-21-828822740-2985692733-3881268604-1000 No Task File <==== ATTENTION
Task: {3C5D958D-DDF1-4FE5-850F-0D690DE468E4} - \{A0516710-A4B3-4CA3-9F9E-6B9C7EEC3BC1} No Task File <==== ATTENTION
Task: {3DC57E31-AF53-493E-A82E-1ACA5CD3FAE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {4C7F4B3C-EF62-440C-AF51-589CB81CD359} - \RunAsStdUser Task No Task File <==== ATTENTION
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {59128C9B-EA3F-4D93-9FB2-CB4F47E593F7} - \{E39674E3-7CED-4836-A4D5-3FBED0660EB7} No Task File <==== ATTENTION
Task: {5A7C4D17-668B-4C3F-8158-114935A590B6} - \RealUpgradeScheduledTaskS-1-5-21-828822740-2985692733-3881268604-1000 No Task File <==== ATTENTION
Task: {5B816803-7849-4B83-90E6-48F445BCE721} - \{DB47168F-A971-4DF4-A864-2DEE20FF7BEA} No Task File <==== ATTENTION
Task: {5FF70A3D-31C5-4CB9-90C2-26F965B00A11} - \{BD9C4862-7F8A-4D84-8A7B-CA565794E441} No Task File <==== ATTENTION
Task: {6F484EEB-CBA3-4B64-9134-92AE2376E43E} - \{36D39528-42F1-49F4-9560-0F24BF50EEB8} No Task File <==== ATTENTION
Task: {8E1C8DC3-BBF5-4E2F-890D-5BDD6B58BEF2} - \{5BF6C3E4-2B9E-40F4-A144-00286C3446F9} No Task File <==== ATTENTION
Task: {A1E85D56-1D18-48DF-AA31-49ECFC314B55} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {ABF9B562-F480-4697-A0B1-4B0AFF592395} - \{78E6B5B0-93EE-446C-AF12-B43507DE49CD} No Task File <==== ATTENTION
Task: {B0C0AFBF-07D7-44D3-A178-6A619555A241} - \{12431061-5495-45FD-968F-5BCFBC916AA3} No Task File <==== ATTENTION
Task: {B9E5C438-024E-42E4-A846-359F6157E737} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000UA => C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {BD5D1F1D-B869-443B-A65E-8950736FDF3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {BF577623-72F3-4E37-85A4-266036C44BA7} - \{E421FEEC-5CB7-4879-810B-A7975CB7DFAA} No Task File <==== ATTENTION
Task: {DB74417A-B460-429F-A4DD-1077FD38D1B3} - \{0EEBF93F-B7BF-4676-8306-F671AF4479C5} No Task File <==== ATTENTION
Task: {ED703657-0EF2-4EFA-890B-B7D1866736D2} - \{8D295D3F-F712-4F87-B380-6F6C1CB024D5} No Task File <==== ATTENTION
Task: {FB857011-F26F-4215-B89F-92891B3050AC} - \{321AD555-60D2-4E87-A807-B8FB59C43B4A} No Task File <==== ATTENTION
Task: {FF364BA1-1B1A-469B-B11C-B81B36880329} - \{43C66199-A7AD-4CB5-B041-F24AE9213945} No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000Core.job => C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828822740-2985692733-3881268604-1000UA.job => C:\Users\Buonanno\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2007-12-30 19:36 - 2006-10-06 07:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2007-12-30 19:35 - 2006-10-06 10:24 - 00016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2007-12-30 19:35 - 2006-10-06 10:04 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-11-13 14:43 - 2008-11-13 14:43 - 00204800 _____ () C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2008-11-13 14:43 - 2008-11-13 14:43 - 00081920 _____ () C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
2012-11-01 12:56 - 2012-11-01 12:56 - 01263512 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2012-11-01 12:57 - 2012-11-01 12:57 - 00100248 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2008-12-12 17:11 - 2008-12-12 17:11 - 00148480 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 17:11 - 2008-12-12 17:11 - 00097280 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-04-15 10:11 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-15 10:11 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Buonanno\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-11-01 15:06 - 2014-10-21 23:04 - 08910664 _____ () C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-01 15:06 - 2014-10-21 23:04 - 01681224 _____ () C:\Users\Buonanno\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:AC6124CA
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Buonanno\Documents\Announcing Upcoming Programs for September - December 2008.eml:OECustomProperty
AlternateDataStreams: C:\Users\Buonanno\Documents\Re_ answers for Pre-Algebra.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: Corel Photo Downloader => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
MSCONFIG\startupreg: DLCXCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: dlcxmon.exe => "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: NvSvc => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSCONFIG\startupreg: Propel Accelerator => "C:\Program Files\Enter.Net Accelerator\trayctl.exe" /STARTUPLAUNCH
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Buonanno\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-828822740-2985692733-3881268604-500 - Administrator - Disabled)
ASPNET (S-1-5-21-828822740-2985692733-3881268604-1006 - Limited - Enabled)
Buonanno (S-1-5-21-828822740-2985692733-3881268604-1000 - Administrator - Enabled) => C:\Users\Buonanno
Guest (S-1-5-21-828822740-2985692733-3881268604-501 - Limited - Enabled)
UpdatusUser (S-1-5-21-828822740-2985692733-3881268604-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2014 04:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1644, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:49:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1b14, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1a30, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:36:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0xcb4, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:35:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1a7c, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:28:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1864, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1054, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 10:26:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1c64, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 10:19:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1bb0, application start time 0xmfeicfcore.exe0.
 
Error: (11/12/2014 10:19:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, faulting module mfeicfcore.exe, version 6.2.0.119, time stamp 0x5315b8b1, exception code 0xc0000005, fault offset 0x00001490,
process id 0x1cf4, application start time 0xmfeicfcore.exe0.
 
 
System errors:
=============
Error: (11/12/2014 04:57:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service221
 
Error: (11/12/2014 04:52:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/12/2014 04:49:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service220
 
Error: (11/12/2014 04:42:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service219
 
Error: (11/12/2014 04:42:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/12/2014 04:36:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service218
 
Error: (11/12/2014 04:35:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service217
 
Error: (11/12/2014 04:32:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/12/2014 04:28:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: McAfee Internet Content Filter Core Service216
 
Error: (11/12/2014 04:22:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/02/2011 09:21:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/27/2011 09:09:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/26/2011 09:01:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/19/2011 03:24:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/27/2011 05:20:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/11/2010 06:38:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/03/2010 04:13:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/10/2010 06:00:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (09/09/2010 07:19:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (09/09/2010 07:18:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 56%
Total physical RAM: 3005.76 MB
Available physical RAM: 1294.49 MB
Total Pagefile: 6240.04 MB
Available Pagefile: 4808.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.44 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.79 GB) (Free:27.52 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Part way through the GMER scan, this window was shown:
 
m0ckn2st.exe - No Disk
"There is no disk in the drive. Please insert a disk into the drive \Device\Harddisk1\DR1."
 
The options listed are "Cancel," "Try Again," or "Continue." What should I do?
 
Thanks,
Thomas

Skip Gmer, do the following instead:

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


I'm not sure if this has anything to do with the problem, but Windows shut down unexpectedly during the scan. I got a troubleshooting pop-up that read:

Server Error in '/' Application. The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Requested URL: /Responses/survey.aspx/1163/9/2/embeded

I'm running the scan again now.
 


I ran the scan and the computer did not restart this time. MBR was successfully copied onto the desktop. Below is the log of the scan.

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-15 16:20:51
-----------------------------
16:20:51.520    OS Version: Windows 6.0.6002 Service Pack 2
16:20:51.521    Number of processors: 2 586 0x6B01
16:20:51.524    ComputerName: BUONANNO-PC  UserName: Buonanno
16:20:55.480    Initialize success
16:20:55.750    VM: initialized successfully
16:20:55.754    VM: Amd CPU virtualization not supported
16:23:18.236    AVAST engine defs: 14111500
16:25:37.958    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
16:25:37.966    Disk 0 Vendor: SAMSUNG_ VT10 Size: 238418MB BusType: 6
16:25:38.096    Disk 0 MBR read successfully
16:25:38.103    Disk 0 MBR scan
16:25:38.134    Disk 0 Windows VISTA default MBR code
16:25:38.142    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:25:38.194    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 81920
16:25:38.247    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       228137 MB offset 21053440
16:25:38.293    Disk 0 scanning sectors +488278016
16:25:38.393    Disk 0 scanning C:\Windows\system32\drivers
16:26:24.247    Service scanning
16:28:11.946    Modules scanning
16:28:19.504    Disk 0 trace - called modules:
16:28:19.573    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys rassstp.sys
16:28:19.585    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8688fac8]
16:28:19.599    3 CLASSPNP.SYS[8a3ab8b3] -> nt!IofCallDriver -> [0x85cccf08]
16:28:19.612    5 acpi.sys[8280a6bc] -> nt!IofCallDriver -> \Device\0000005e[0x858d89c0]
16:28:20.764    AVAST engine scan C:\Windows
16:29:09.416    AVAST engine scan C:\Windows\system32
16:42:18.892    AVAST engine scan C:\Windows\system32\drivers
16:43:30.856    AVAST engine scan C:\Users\Buonanno
19:09:39.015    AVAST engine scan C:\ProgramData
19:32:11.348    Disk 0 statistics 5247048/0/0 @ 0.36 MB/s
19:32:11.367    Scan finished successfully
19:38:40.750    Disk 0 MBR has been saved successfully to "C:\Users\Buonanno\Desktop\MBR.dat"
19:38:40.775    The log file has been saved successfully to "C:\Users\Buonanno\Desktop\aswMBR.txt"

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Alright. Here we go. Below are the next two logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2014 01
Ran by Buonanno at 2014-11-22 20:12:59 Run:1
Running from c:\Users\Buonanno\Downloads
Loaded Profile: Buonanno (Available profiles: Buonanno & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:AC6124CA
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Task: {BF577623-72F3-4E37-85A4-266036C44BA7} - \{E421FEEC-5CB7-4879-810B-A7975CB7DFAA} No Task File <==== ATTENTION
Task: {DB74417A-B460-429F-A4DD-1077FD38D1B3} - \{0EEBF93F-B7BF-4676-8306-F671AF4479C5} No Task File <==== ATTENTION
Task: {ED703657-0EF2-4EFA-890B-B7D1866736D2} - \{8D295D3F-F712-4F87-B380-6F6C1CB024D5} No Task File <==== ATTENTION
Task: {FB857011-F26F-4215-B89F-92891B3050AC} - \{321AD555-60D2-4E87-A807-B8FB59C43B4A} No Task File <==== ATTENTION
Task: {FF364BA1-1B1A-469B-B11C-B81B36880329} - \{43C66199-A7AD-4CB5-B041-F24AE9213945} No Task File <==== ATTENTION
Task: {59128C9B-EA3F-4D93-9FB2-CB4F47E593F7} - \{E39674E3-7CED-4836-A4D5-3FBED0660EB7} No Task File <==== ATTENTION
Task: {5A7C4D17-668B-4C3F-8158-114935A590B6} - \RealUpgradeScheduledTaskS-1-5-21-828822740-2985692733-3881268604-1000 No Task File <==== ATTENTION
Task: {5B816803-7849-4B83-90E6-48F445BCE721} - \{DB47168F-A971-4DF4-A864-2DEE20FF7BEA} No Task File <==== ATTENTION
Task: {5FF70A3D-31C5-4CB9-90C2-26F965B00A11} - \{BD9C4862-7F8A-4D84-8A7B-CA565794E441} No Task File <==== ATTENTION
Task: {6F484EEB-CBA3-4B64-9134-92AE2376E43E} - \{36D39528-42F1-49F4-9560-0F24BF50EEB8} No Task File <==== ATTENTION
Task: {8E1C8DC3-BBF5-4E2F-890D-5BDD6B58BEF2} - \{5BF6C3E4-2B9E-40F4-A144-00286C3446F9} No Task File <==== ATTENTION
Task: {A1E85D56-1D18-48DF-AA31-49ECFC314B55} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {ABF9B562-F480-4697-A0B1-4B0AFF592395} - \{78E6B5B0-93EE-446C-AF12-B43507DE49CD} No Task File <==== ATTENTION
Task: {B0C0AFBF-07D7-44D3-A178-6A619555A241} - \{12431061-5495-45FD-968F-5BCFBC916AA3} No Task File <==== ATTENTION
Task: {371E8D26-3C25-437A-BA39-CD362C126A8E} - \RealUpgradeLogonTaskS-1-5-21-828822740-2985692733-3881268604-1000 No Task File <==== ATTENTION
Task: {3C5D958D-DDF1-4FE5-850F-0D690DE468E4} - \{A0516710-A4B3-4CA3-9F9E-6B9C7EEC3BC1} No Task File <==== ATTENTION
Task: {4C7F4B3C-EF62-440C-AF51-589CB81CD359} - \RunAsStdUser Task No Task File <==== ATTENTION
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1605787&SearchSource=3&q={searchTerms}
SearchScopes: HKCU - {329DF456-2B9A-1254-3222-23D6BB4C8442} URL = http://ics.asksearch...-0-
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787
SearchScopes: HKCU - {BenefitBar} URL = http://search.benefi...h={searchTerms}
SearchScopes: HKCU - {F756994E-FC37-29D0-B6B3-004938757426} URL = http://ham.asksearch...-0-
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-828822740-2985692733-3881268604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...%tb_id%language
EmptyTemp:
*****************

C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":AC6124CA" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF577623-72F3-4E37-85A4-266036C44BA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF577623-72F3-4E37-85A4-266036C44BA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E421FEEC-5CB7-4879-810B-A7975CB7DFAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB74417A-B460-429F-A4DD-1077FD38D1B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB74417A-B460-429F-A4DD-1077FD38D1B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EEBF93F-B7BF-4676-8306-F671AF4479C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED703657-0EF2-4EFA-890B-B7D1866736D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED703657-0EF2-4EFA-890B-B7D1866736D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8D295D3F-F712-4F87-B380-6F6C1CB024D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB857011-F26F-4215-B89F-92891B3050AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB857011-F26F-4215-B89F-92891B3050AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{321AD555-60D2-4E87-A807-B8FB59C43B4A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF364BA1-1B1A-469B-B11C-B81B36880329}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF364BA1-1B1A-469B-B11C-B81B36880329}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43C66199-A7AD-4CB5-B041-F24AE9213945}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59128C9B-EA3F-4D93-9FB2-CB4F47E593F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59128C9B-EA3F-4D93-9FB2-CB4F47E593F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E39674E3-7CED-4836-A4D5-3FBED0660EB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A7C4D17-668B-4C3F-8158-114935A590B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A7C4D17-668B-4C3F-8158-114935A590B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-828822740-2985692733-3881268604-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B816803-7849-4B83-90E6-48F445BCE721}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B816803-7849-4B83-90E6-48F445BCE721}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DB47168F-A971-4DF4-A864-2DEE20FF7BEA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FF70A3D-31C5-4CB9-90C2-26F965B00A11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FF70A3D-31C5-4CB9-90C2-26F965B00A11}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD9C4862-7F8A-4D84-8A7B-CA565794E441}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F484EEB-CBA3-4B64-9134-92AE2376E43E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F484EEB-CBA3-4B64-9134-92AE2376E43E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\{36D39528-42F1-49F4-9560-0F24BF50EEB8}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E1C8DC3-BBF5-4E2F-890D-5BDD6B58BEF2}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E1C8DC3-BBF5-4E2F-890D-5BDD6B58BEF2}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5BF6C3E4-2B9E-40F4-A144-00286C3446F9}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1E85D56-1D18-48DF-AA31-49ECFC314B55}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1E85D56-1D18-48DF-AA31-49ECFC314B55}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABF9B562-F480-4697-A0B1-4B0AFF592395}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABF9B562-F480-4697-A0B1-4B0AFF592395}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78E6B5B0-93EE-446C-AF12-B43507DE49CD}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C0AFBF-07D7-44D3-A178-6A619555A241}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C0AFBF-07D7-44D3-A178-6A619555A241}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12431061-5495-45FD-968F-5BCFBC916AA3}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{371E8D26-3C25-437A-BA39-CD362C126A8E}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{371E8D26-3C25-437A-BA39-CD362C126A8E}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-828822740-2985692733-3881268604-1000" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C5D958D-DDF1-4FE5-850F-0D690DE468E4}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5D958D-DDF1-4FE5-850F-0D690DE468E4}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0516710-A4B3-4CA3-9F9E-6B9C7EEC3BC1}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C7F4B3C-EF62-440C-AF51-589CB81CD359}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C7F4B3C-EF62-440C-AF51-589CB81CD359}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => Key deleted successfully.Firefox DefaultSearchUrl deleted successfully.\\SearchScopes: HKCU - {329DF456-2B9A-1254-3222-23D6BB4C8442} URL = http://ics.asksearch...-0-<html><head> <title>This Website Is Blocked</title> <link rel="stylesheet" title="normal" type="text/css" href="css/60.css" media="all" /> <script lanuage="JavaScript"> function toggleCategories() { var elem = document.getElementById('categorypane'); var link = document.getElementById('categorylink'); if (elem.style.display == 'block') { elem.style.display = 'none'; link.innerHTML = 'Show Categories'; } else { elem.style.display = 'block'; link.innerHTML = 'Hide Categories'; } } </script></head><body> <div class="container"> <div class="header"> <div class="logo"> <img src="/images/60/logo.jpg"> </div> <div class="headermessage"> SITE BLOCKED </div> </div> <div class="underline"> <img src="/images/60/underline.jpg"> </div> <div 
class="messagecontainer"> <div class="reasonlabel"> The website was blocked because: </div> <div class="reasontext"> The website is => Value not found.\\SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787 => Value not found.\\SearchScopes: HKCU - {BenefitBar} URL = http://search.benefi...h={searchTerms} => Value not found.\\SearchScopes: HKCU - {F756994E-FC37-29D0-B6B3-004938757426} URL = http://ham.asksearch...-0-<html><head> <title>This Website Is Blocked</title> <link rel="stylesheet" title="normal" type="text/css" href="css/60.css" media="all" /> <script lanuage="JavaScript"> function toggleCategories() { var elem = document.getElementById('categorypane'); var link = document.getElementById('categorylink'); if (elem.style.display == 'block') { elem.style.display = 'none'; link.innerHTML = 'Show Categories'; } else { elem.style.display = 'block'; link.innerHTML = 'Hide Categories'; } } </script></head><body> <div class="container"> <div class="header"> <div class="logo"> <img src="/images/60/logo.jpg"> </div> <div class="headermessage"> SITE BLOCKED </div> </div> <div class="underline"> <img src="/images/60/underline.jpg"> </div> <div class="messagecontainer"> <div class="reasonlabel"> The website was blocked because: </div> <div class="reasontext"> The website is => Value not found."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-828822740-2985692733-3881268604-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787 => Value not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT1605787 => Value not found.HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar 
=> Value not found.EmptyTemp: => Removed 1.9 GB temporary data.The system needed a reboot. ==== End of Fixlog ====
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Scan, 11/23/2014 4:08:37 PM, SYSTEM, BUONANNO-PC, Manual, Start:11/22/2014 9:39:57 PM, Duration:36 min 45 sec, Threat Scan, Completed, 1 Malware Detection, 5 Non-Malware Detections, 
 
(end)

Let's see:

 

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

