
Wondershare Issue And General SweepOut


garyt53

Hi Folks -

 

Win7 dual-boot Linux with Symantec NIS and regular MBAM and mbam-rootkit-beta scans. Not having anomalous behavior except Wondershare was installed unsolicited and doesn't show up in Win7 or CCleaner uninstall list and within the /applications/wondershare install folder there is no uninstall.exe

 

So, going to do another long-overlooked backup and need expert eyes on my logs after getting rid of this Wondershare thing so I don't perpetuate any problems.

 

NIS rejected frst64.exe as WS.Reputation.1 so please advise. I know, I know....they're in charge of our national infrastructure. ssseesh

 

I think you folks are least likely to be creating after-hours malware and them as most. haha

 

gt

SymantecNISRejectedFRST64.doc

mbam1.txt


  • Staff

Hello garyt53, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the Follow button at the top of the page. 
     

======================================================

 

Please temporarily disable Norton, and redownload FRST. 

Alternatively, FRST can be downloaded onto a USB drive using a different computer, and transferred over. 

 

Run a scan with FRST. Copy and paste the contents of both logs (FRST.txt and Addition.txt) in your next reply.


Hi Adam !

 

This is Saturday night!  Whaterwedoin doin this? ha

 

Attached the logs and have had p2p torrent stuff on here but not for years.  Got a hi$ station of Rhino engineering software on this thing but it's legit.  Oh yeah, and if I talk too much, I shut up easy. ha

 

If you're still up, will wait a half hr for your interpretation/instruction.

 

gt

FRST.txt

Addition.txt


  • Staff

Hello, 
 

This is Saturday night!

Not in the UK. :)
 
---------
 
Do you recognise the following?

  • C:\Program Files (x86)\zzAutoruns
  • C:\Program Files (x86)\SystemLook Finder.exe
     

Please consider the following suggestion, and proceed with the instructions below. 
 

Registry Cleaner Warning
 
------------------------------
 
I see you have registry cleaner/optimization software (Free Registry Defrag) installed on your computer. Registry cleaners and optimization tools that claim to speed up your computer should be avoided, and are potentially dangerous. By running a registry cleaner you risk rendering your machine unbootable. There is no statistical evidence to back claims that cleaning the registry will improve performance. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.

  • Some registry cleaners employ aggressive cleaning routines that may cause substantial damage to your system, and could render your machine unbootable.
  • Not all registry cleaners backup the registry. If an issue arises you may not have a backup to rely on.
  • The usefulness of cleaning the registry is disputable; there is no statistical evidence to support the claim that cleaning the registry will improve system performance. 
Please refer to the following article on why you should not use registry cleaner software. I suggest reading why Microsoft does not support the use of registry cleaners as well.

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanPanel.lnk
    ShortcutTarget: ScanPanel.lnk -> C:\ScanPanel\ScnPanel.exe (No File)
    GroupPolicyUsers\S-1-5-21-2552641736-1398428658-1438833275-1010\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2552641736-1398428658-1438833275-1009\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM -> {7808284F-F08E-47E2-92D4-99EDEF7672AA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {7808284F-F08E-47E2-92D4-99EDEF7672AA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKU\.DEFAULT -> DefaultScope {B60E0077-79C2-4797-A3CB-25B6D2C8F222} URL = 
    SearchScopes: HKU\.DEFAULT -> {7808284F-F08E-47E2-92D4-99EDEF7672AA} URL = 
    SearchScopes: HKU\S-1-5-21-2552641736-1398428658-1438833275-500 -> {7808284F-F08E-47E2-92D4-99EDEF7672AA} URL = 
    SearchScopes: HKU\S-1-5-21-2552641736-1398428658-1438833275-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-2552641736-1398428658-1438833275-500 -> {B60E0077-79C2-4797-A3CB-25B6D2C8F222} URL = 
    FF Keyword.URL: hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=US&ver=21&q=
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCrwPd.dll (Crawler, LLC)
    C:\Program Files (x86)\mozilla firefox\plugins\NPCrwPd.dll
    FF SearchPlugin: C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default\searchplugins\safesearch.xml
    FF SearchPlugin: C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default\searchplugins\yahoo_ff.xml
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
    S2 LMIRescue; "C:\Users\CRESCE~1\AppData\Local\Temp\LMI32E3.tmp\lmi_rescue.exe" -service -sid 1bb98bc4-2a52-4d86-8496-aaf02e1d50aa [X]
    S1 ccHP; \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
    S0 PxHlpa64; System32\Drivers\PxHlpa64.sys [X]
    S3 RivaTuner32; \??\C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [X]
    C:\Users\Gary Tindall\AppData\Local\Temp\IMToolPackSetup.exe
    AlternateDataStreams: C:\ProgramData\Temp:3B71D0B4
    AlternateDataStreams: C:\ProgramData\Temp:7631EA83
    AlternateDataStreams: C:\ProgramData\Temp:7FAE3E0D
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

STEP 3
SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *Wondershare*
    :folderfind
    *Wondershare*
    :regfind
    Wondershare
  • Click the Look button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the close button. 
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Do you recognise the file/folder?
  • Fixlog.txt
  • TDSSKiller log (attached!)
  • SystemLook.txt

RE Registry Cleaners:

I use CCleaner, both clean and registryclean, regularly utilizing the option to BU the reg.  I run it in both limited account and admin acct.  Sometimes I will just run ATF Cleaner though before running Puran defrag in bootdefrag mode with all options utilized.  So shall I stop using the registry comb in CCleaner, and even the regdefrag utility?  Hey, you’re the expert on this stuff…..I’ll drop these utilities in a heartbeat on your advice.  I value your opinion, even though I’ve been badly burned by overseas Symantec and even domestic MS analysts who I made no effort to retribute.  Revenge just makes me more of a victim.

 

RE The Other Utilities:

Have always used AutoRuns on and off to avoid using msconfig to edit startups.  The other stuff is left over from a recent attempt to accomplish a general sweep at MajorGeeks.  That session ended abruptly when I kiddingly stated that at my age I don’t need to be strictly held to forum protocol.  Well, I don’t know if it was CYA or if he was afraid for his job, but he took that ball and ran with it.  The guy even fixated on that non-issue that I closed the thread by snapping back with “no, I closed the thread”.  Pretty petty crap so I came here.  Mostly because of your as-good-as-Kaspersky developers…..who, like I said earlier, probably don’t spend their off time creating annoying – even criminally destructive malware.  I’m a retired engineering support professional and this sysad stuff is very serious and stressful and requires a degree of levity to take off that edge, but some people….well enough said.  Never been kicked off a forum of any kind and have only run from forums a few times, like on alternative unbelievable-but-true critical-current-events forums that get temporarily overrun by paid propagandizing trolls.  Now too much said.

 

Please remove all this unnecessary info from this post.  It’s only here cause you asked about leftover logs in STEP 4 of your last reply.

 

OK…..couldn’t sleep well either so will work on the “hoops” you have provided me to expedite this effort.  Logs attached as per.

 

gt

 

HA!  Am learning stuff from you in the first line already: “ScriptPress”  No word from you regarding NIS so I left the Symantec firewall and active AV on for this stuff.  Had to OK frst-scanner though.  I also had hidden and system files set globally (God I hate that word….all the lies are globaloney, I made that up and it’s catchin on) to visible.

 

Also was not able to select “Detect TDLFS…..” or “Verify….” in tdssk as had to reboot at “extended monitoring….”.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 06:53 on 21/12/2014 by garytindall
Administrator - Elevation successful

========== filefind ==========

Searching for "*Wondershare*"
C:\Documents and Settings\garytindall\AppData\Roaming\Microsoft\Office\Recent\wondershare issue.doc.LNK    --a---- 732 bytes    [22:21 12/12/2014]    [10:11 21/12/2014] CBF58BE346F0E97CE7675CE239555CB7
C:\Documents and Settings\garytindall\Desktop\wondershare issue.doc    --a---- 35840 bytes    [22:21 12/12/2014]    [03:16 15/12/2014] BA541DF1033C06B9B2687478FAC3281E
C:\Users\garytindall\AppData\Roaming\Microsoft\Office\Recent\wondershare issue.doc.LNK    --a---- 732 bytes    [22:21 12/12/2014]    [10:11 21/12/2014] CBF58BE346F0E97CE7675CE239555CB7
C:\Users\garytindall\Desktop\wondershare issue.doc    --a---- 35840 bytes    [22:21 12/12/2014]    [03:16 15/12/2014] BA541DF1033C06B9B2687478FAC3281E

========== folderfind ==========

Searching for "*Wondershare*"
C:\Documents and Settings\All Users\Wondershare Video Converter Ultimate    d------    [13:12 01/08/2013]
C:\Documents and Settings\garytindall\AppData\Local\Wondershare    d------    [13:13 01/08/2013]
C:\Documents and Settings\Public\Documents\Wondershare    d------    [13:06 01/08/2013]
C:\Program Files\Common Files\Wondershare    d------    [13:13 01/08/2013]
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact    d------    [13:13 01/08/2013]
C:\ProgramData\Wondershare Video Converter Ultimate    d------    [13:12 01/08/2013]
C:\Users\All Users\Wondershare Video Converter Ultimate    d------    [13:12 01/08/2013]
C:\Users\garytindall\AppData\Local\Wondershare    d------    [13:13 01/08/2013]
C:\Users\Public\Documents\Wondershare    d------    [13:06 01/08/2013]

========== regfind ==========

Searching for "Wondershare"
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Save As\File Name MRU]
"Value"="inst SymantecNISRejectedFRST64 instructions instructions2 BootRepair-GRUB wondershare issue"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File3"="C:\Users\garytindall\Desktop\WondershareIssueInfo.txt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File4"="C:\Users\garytindall\Desktop\WondershareIssueInfo.rtf"
[HKEY_CURRENT_USER\Software\Wondershare]
[HKEY_CURRENT_USER\Software\Wondershare\Wondershare Helper Compact]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WondershareVideoConverterFileOpreation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRDownloadButton.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\URLReqService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}\LocalServer32]
@="C:\PROGRA~1\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRDownloadButton.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\URLReqService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare]
"ExePath"="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\DownloadManager]
"InstallLocation"="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
"InstallPath"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
"Installexe"="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Wondershare Helper Compact.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
"Uninstallexe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
"DataLastRoom"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\log\Data\RoomSwap\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare\Wondershare Helper Compact]
"DataCurrentRoom"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\log\Data\Room\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}\LocalServer32]
@="C:\PROGRA~1\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRDownloadButton.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\0\win32]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate\URLReqService.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Wondershare\Video Converter Ultimate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\0\win32]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}\1.1\HELPDIR]
@="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Save As\File Name MRU]
"Value"="inst SymantecNISRejectedFRST64 instructions instructions2 BootRepair-GRUB wondershare issue"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File3"="C:\Users\garytindall\Desktop\WondershareIssueInfo.txt"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File4"="C:\Users\garytindall\Desktop\WondershareIssueInfo.rtf"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Wondershare]
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Wondershare\Wondershare Helper Compact]

-= EOF =-

 

~  WHEW  ~

Sorry for throwing all this atcha.

TDSSKiller.3.0.0.42_21.12.2014_06.45.00_log.txt

Fixlog.txt


  • Staff

Hello,
 

Sometimes I will just run ATF Cleaner

This tool has not been updated for a long time. Running CCleaner's cleaner would be the safer option. 
 

So shall I stop using the registry comb in CCleaner, and even the regdefrag utility?

Any programme that purports to clean the registry should be avoided. In CCleaner's case, running the standard cleaner is OK (I use it myself). The built-in registry cleaner is better left. 
 

No word from you regarding NIS so I left the Symantec firewall and active AV on for this stuff.

Yes, that's OK. If your security software needs to be disabled, I will let you know. 
 

Also was not able to select “Detect TDLFS…..” or “Verify….” in tdssk as had to reboot at “extended monitoring….”.

That's OK.

 

Please do the following. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Documents and Settings\All Users\Wondershare Video Converter Ultimate
    C:\Documents and Settings\garytindall\AppData\Local\Wondershare
    C:\Documents and Settings\Public\Documents\Wondershare
    C:\Program Files\Common Files\Wondershare
    C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact
    C:\ProgramData\Wondershare Video Converter Ultimate
    C:\Users\All Users\Wondershare Video Converter Ultimate
    C:\Users\garytindall\AppData\Local\Wondershare
    C:\Users\Public\Documents\Wondershare
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 3
Reg Fix

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Wondershare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WondershareVideoConverterFileOpreation]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wondershare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{3E8FFA07-07D5-4FA0-BB26-DAE0D0F8820C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{455852CE-2BE3-42D5-9274-E26142778A8A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BA975139-E81E-415B-81E0-4F0A129172FC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D85C6069-D628-4276-93C3-9A94E5338D8B}]
    [-HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Wondershare]
  • Click Format. Ensure Wordwrap is unchecked
  • Click File > Save As and name the file regfix.reg.
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate regfix.reg on your Desktop. Right-click the file and click Merge with the Registry
  • Accept any prompts. 
  • Reboot your computer for the changes to take effect.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the reg fix merge successfully?
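As an added verification check (my own script, not part of the thread and not from FRST, SystemLook or regedit): after the STEP 1 fixlist and the STEP 3 reg fix have been run, this PowerShell reads the [-KEY] delete sections out of regfix.reg and the absolute paths out of fixlist.txt, and reports anything that still exists, which is the "did the merge actually remove the keys?" question asked above. The file locations (both on the Desktop) are assumptions; run it from an elevated PowerShell as the same user.

```powershell
# Added example, not from the thread or from any tool mentioned in it.
# Reads the delete sections of regfix.reg (STEP 3) and the absolute paths in
# fixlist.txt (STEP 1) and reports which items still exist after the fixes.
# Desktop locations are an assumption; adjust if the files were saved elsewhere.
param(
    [string]$RegFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'regfix.reg'),
    [string]$FixList = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'fixlist.txt')
)

function Get-RegDeleteKeys {
    # In a .reg file a section header of the form [-HKEY_...] tells regedit to delete that key.
    param([string]$Path)
    Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\[-(?<key>HKEY_[^\]]+)\]\s*$') { $Matches['key'] }
    }
}

function Get-FixListPaths {
    # FRST fixlist lines that are bare absolute paths (C:\...) are items FRST moves away;
    # directive lines such as EmptyTemp: or CMD: are skipped.
    param([string]$Path)
    Get-Content -LiteralPath $Path | ForEach-Object {
        $line = $_.Trim()
        if ($line -match '^[A-Za-z]:\\') { $line }
    }
}

$report = @()

foreach ($key in Get-RegDeleteKeys -Path $RegFile) {
    # The Registry:: provider prefix accepts any hive name, so HKEY_USERS\<SID> works
    # without creating a PSDrive. -LiteralPath matters because one key in the fix
    # (...\Classes\*\shellex\...) contains a literal '*' that must not be treated as a wildcard.
    # Caveat: an HKEY_USERS\<SID> hive is only visible while that account is logged on.
    $report += [pscustomobject]@{
        Kind         = 'RegKey'
        Item         = $key
        StillPresent = Test-Path -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    }
}

foreach ($p in Get-FixListPaths -Path $FixList) {
    # "C:\Documents and Settings\..." entries are junctions; SilentlyContinue keeps an
    # access-denied traversal from spamming the report.
    $report += [pscustomobject]@{
        Kind         = 'Path'
        Item         = $p
        StillPresent = Test-Path -LiteralPath $p -ErrorAction SilentlyContinue
    }
}

$report | Format-Table -AutoSize

$left = @($report | Where-Object StillPresent)
if ($left.Count -eq 0) {
    Write-Host "All $($report.Count) items from the fixes are gone."
} else {
    Write-Host "$($left.Count) item(s) still present; rerun the fix or rerun SystemLook on them:"
    $left | ForEach-Object { Write-Host "  [$($_.Kind)] $($_.Item)" }
}
```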

Hi Adam -

 

“Merge with registry” was not available on my rightclick so my workaround was to create a restore point > open with > registry editor, and that added it to the registry.  Ah ha, got to correct the teach!  That is, if what I did doesn’t require the restore point I created.  And they are always iffy, huh.  Except you BUd the reg, and THAT'S reliable.  It’s great to have sys-backups too.  Even if they're old.  Of course, they’re always iffy.*  So it was an exciting (scary really) reboot, but it worked. ha  Being complicated is what makes stuff seem like magic.  But then, that’s job security!

 

Removed ATF Cleaner and will try to resist the temptation of using the CCleaner RegistryClean option, but that should be attainable cause I don’t intend to be adding and removing many programs as I have in the past. 

 

How about the reg-defrag?  I usually use it every few months and it “feels” like it’s doing its job.  Like, I notice shorter reboots after.  Or should I off that too.

 

And, I’ve got this dancer on my desktop…….just kidding. ha

 

So…..we’re done, huh.

 

gt

 

* I've started using Clonezilla for imaging my 2 dual-boot HDDs and system-incremental backups.  Good idea?  Or should I use dd (linux)?  It also images multi-part HDDs by the 1s and zeros (more reliable and safer?).  Also, any cool scripts you have for maintenance would be great!  Except I should probably pay for that.  Except hey!  It's Christmas! haha  Besides, I've always thought software oughta be free.  It's the books they should charge for.  Like AutoCAD was early on....what made em so big.  Oh, and....Thanks for rewarding my trust.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by garytindall at 2014-12-22 11:15:44 Run:2
Running from C:\Users\garytindall\Desktop
Loaded Profile: garytindall (Available profiles: Gary Tindall & Visitorer & Trusted Friend & garytindall & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\All Users\Wondershare Video Converter Ultimate
C:\Documents and Settings\garytindall\AppData\Local\Wondershare
C:\Documents and Settings\Public\Documents\Wondershare
C:\Program Files\Common Files\Wondershare
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact
C:\ProgramData\Wondershare Video Converter Ultimate
C:\Users\All Users\Wondershare Video Converter Ultimate
C:\Users\garytindall\AppData\Local\Wondershare
C:\Users\Public\Documents\Wondershare
EmptyTemp:
end
*****************

C:\Documents and Settings\All Users\Wondershare Video Converter Ultimate => Moved successfully.
C:\Documents and Settings\garytindall\AppData\Local\Wondershare => Moved successfully.
C:\Documents and Settings\Public\Documents\Wondershare => Moved successfully.
C:\Program Files\Common Files\Wondershare => Moved successfully.
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" => File/Directory not found.
"C:\ProgramData\Wondershare Video Converter Ultimate" => File/Directory not found.
"C:\Users\All Users\Wondershare Video Converter Ultimate" => File/Directory not found.
"C:\Users\garytindall\AppData\Local\Wondershare" => File/Directory not found.
"C:\Users\Public\Documents\Wondershare" => File/Directory not found.
EmptyTemp: => Removed 17.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

And I noticed in red above that it sees my guest account.  What's up with that?  Thought I had it turned off.  Or am I exposing my ignorance.


  • Staff

Hello, 
 

“Merge with registry” was not available on my rightclick

Apologies. The instructions should only state "Merge". 
Let's double-check the keys were removed. 
 
Please rerun SystemLook with the same script, and post the log in your next reply. 
 

How about the reg-defrag?

Ultimately, it's your decision.
But like I said - any software that purports to optimise by automatically removing items from the registry should be avoided in my opinion. Microsoft have stated this themselves. 
 

* I've started using Clonezilla for imaging my 2 dual-boot HDDs and system-incremental backups.  Good idea?

Sounds good to me. Clonezilla is a reputable programme. 
 

Also, any cool scripts you have for maintainence would be great!

Practicing safe hex to keep the computer malware-free (including keeping vulnerable Internet-facing software updated), regularly cleaning dust collected inside the machine and clearing out temp files is all I do to keep my computers well maintained. If a disc defrag is necessary, this will also be performed. 
 

And I noticed in red above that it sees my guest account.  What's up with that?

Yes, this is disabled. See your Addition.txt: 
Guest (S-1-5-21-2552641736-1398428658-1438833275-501 - Limited - Disabled)
 
 
Let's run through a few general scans for adware and malware. 
 
STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 2
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click Scan. Upon completion, click Report.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points. 
  • Click Export to text file... and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • SystemLook.txt
  • AdwCleaner[s0].txt
  • MBAM Scan log
  • RKreport.txt
  • ESET Online Scan log

Hi Adam –

 

Funny, didn’t get a notification last time but did this time.  Like I said…..magic Man. haha

 

And your misspelling of maintenance as maintainence is funny cause that’s one of the very few words I misspell, and I do it just like that.  I don’t use spellcheck either.  And you spell program like a Brit.  Then you know this planet would be a utopia if not for that 1 sq mi called The City of London central banksters.  We are in a dwindling minority because of how stupid they are trying to make us……to eliminate our innate capability for critical thinking cause it interferes with their fraud.  OutcomeBased/CommonCore.  Pleeeeease.  Off subject….

 

Reran SystemLook and looks (to me) like it quarantined the Wondershare crap (attached logfile).  Ya taught me how to use it this time! ha  I don’t like indexing so this little utility will be useful.  Think I’ll keep AdwCleaner too, comparing future scans to screenshots of what was checked this time and unchecking accordingly.  But the other utilities are over my head.  I know…..path of least resistance.  My only excuse is I’m old already. ha

 

Safe hex?  What’s that?  And thanks for reminding me to de-dust.  Last time I had to reseat the CPU and GPU and bent and had to straighten pins on the former so have subconsciously neglected this issue.  Whaddabitch.  Now THAT was scary. Haha  Used ArcticSilver paste though so won’t have to do that again.

 

Funny getting utilities from BleepingComputer.  I was going to BleepingComputer when I chose your crew instead.

 

And should I continue using mbam AntiRootkit beta?  I don’t like using “beta” stuff, but it is mbam.  Boy the new mbam sure has a lotta options now.  Getting scary out there, huh.  Well, don’t be afraid cause that’s where they want cha…..GET MAD! (the gulf, fukushima, ebola, bailouts, bailins, the fed reserve scam, WWII….all the lies)  Off topic again….It’s just that everything else pales in comparison.  Like Congress just made us responsible for the over $2 quadrillion in mostly GoldmanSucks global “derivatives” fraud!

 

Man, I sure like the progress bar on the new mbam.  Like Unix.  If they could all be so accurate…..

 

Disabled NIS AV (not firewall) only for ESET scan but not before, as instructed.

 

Re ESET:  Didn’t “browse the web” but rather than stop the utility I ran VLC for 20 min on a network stream about the financial collapse after an hour stuck on 3%, if that’s an issue.  BRICS is online in a few days and their aim is to kill the ponzipetrodollar.  We’re in financial WWIII having made the whole world hate us now and the banksters want it to go hot cause they’re about to get caught like in Iceland.  They’ve started all the wars unnecessarily on lies and for their compound-interest profit ya know.  Bandwidth didn’t seem to be an issue though.  Ran online scanners before…..like Kaspersky.  But this one’s a pretty fine-toothed comb.  Stuck at 3% for like over an hour.  Hope it’s not rife with false positives to evaluate. It found 18 in the first few minutes.  Well, been another hour at 4% now and at this rate it will take months to run.  Included the logfile of the 19 threats it found after 2 hrs and only reaching 4%.  Will rerun after your inspection of the log if necessary.  Maybe you should suggest people run this tool overnight.

 

gt

 

Oh yeah....dumped regdefrag utility just now.

 

FIRST AdwCleaner[R0]

# AdwCleaner v4.106 - Report created 22/12/2014 at 13:43:55
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : garytindall - GTLLC
# Running from : C:\Users\garytindall\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Gary Tindall\AppData\Roaming\Mozilla\Firefox\Profiles\0x9s7ch0.default\searchplugins\safesearch.xml
File Found : C:\Users\Gary Tindall\AppData\Roaming\Mozilla\Firefox\Profiles\6ss1mrq2.default\searchplugins\safesearch.xml
File Found : C:\Users\Visitorer\AppData\Roaming\Mozilla\Firefox\Profiles\dym9vw5s.default\searchplugins\safesearch.xml
Folder Found : C:\Program Files (x86)\Crawler
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\VideoConverter
Folder Found : C:\Users\Gary Tindall\AppData\Local\PackageAware
Folder Found : C:\Users\Gary Tindall\AppData\Local\Video Converter
Folder Found : C:\Users\garytindall\AppData\Local\PackageAware
Folder Found : C:\Users\garytindall\AppData\Local\Video Converter
Folder Found : C:\Users\garytindall\AppData\Roaming\Search Protection

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\CToolbar
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\CToolbar
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [updateMyDrivers]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
[0x9s7ch0.default] - Line Found : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

*************************

AdwCleaner[R0].txt - [5074 octets] - [22/12/2014 13:43:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5134 octets] ##########
 

 

 

SECOND of 2 AdwCleaner[s0]

# AdwCleaner v4.106 - Report created 22/12/2014 at 14:03:06
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : garytindall - GTLLC
# Running from : C:\Users\garytindall\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\VideoConverter
Folder Deleted : C:\Program Files (x86)\Crawler
Folder Deleted : C:\Users\Gary Tindall\AppData\Local\PackageAware
Folder Deleted : C:\Users\Gary Tindall\AppData\Local\Video Converter
Folder Deleted : C:\Users\garytindall\AppData\Local\PackageAware
Folder Deleted : C:\Users\garytindall\AppData\Local\Video Converter
Folder Deleted : C:\Users\garytindall\AppData\Roaming\Search Protection
File Deleted : C:\Users\Gary Tindall\AppData\Roaming\Mozilla\Firefox\Profiles\0x9s7ch0.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Gary Tindall\AppData\Roaming\Mozilla\Firefox\Profiles\6ss1mrq2.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Visitorer\AppData\Roaming\Mozilla\Firefox\Profiles\dym9vw5s.default\searchplugins\safesearch.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [updateMyDrivers]
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\CToolbar
Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
[0x9s7ch0.default\prefs.js] - Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

*************************

AdwCleaner[R0].txt - [5262 octets] - [22/12/2014 13:43:55]
AdwCleaner[R1].txt - [5322 octets] - [22/12/2014 13:58:02]
AdwCleaner[s0].txt - [5243 octets] - [22/12/2014 14:03:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5303 octets] ##########
 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/22/2014
Scan Time: 2:12:55 PM
Logfile: mbamPASTE.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.22.09
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: garytindall

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 562807
Time Elapsed: 26 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : garytindall [Administrator]
Mode : Scan -- Date : 12/22/2014  14:54:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\MATRIX~1.SCR  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[suspicious.Path] \\{A5192E77-5AF0-4288-A007-6D16F86CB347} -- C:\Users\garytindall\Desktop\Guru3D.com\Setup\RivaTuner224MSIMOA2009Edition.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] wqucbu05.default : user_pref("browser.startup.homepage", "https://us-mg4.mail.yahoo.com/neo/launch?.rand=a9omccd1ji3hu#3761198123");-> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] d982adb044679a8f49b91f336a26f3fb
[bSP] fa94f06cff4543441f39121145c1860a : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 428772 MB
2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 878331904 | Size: 173427 MB
3 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 1233510400 | Size: 8180 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] 4fcd9905132913cd6df784ebf684f53d
[bSP] baacab66f5d9585c880b617c6977da25 : Linux MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 60307 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 123510784 | Size: 893560 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_12122014_153345.log - RKreport_SCN_12222014_144938.log

 

 

 

C:\Documents and Settings\All Users\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll    Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll    Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll    Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll    Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll    Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll    a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe    Win32/OpenCandy potentially unsafe application
 

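The logs above leave two things a practitioner would want to re-check after the Clean pass and the reboot: whether the folders and registry keys AdwCleaner flagged are really gone, and what the RogueKiller PUM.Policies line (ConsentPromptBehaviorAdmin : 0) actually means. The script below is an added example, not from this thread or from the Malwarebytes staff; it re-checks a subset of the paths and keys copied from the AdwCleaner[R0] report (the profile names are the ones that appear there, so adjust them for another machine), walks up each path looking for NTFS junctions, and reads the UAC policy value. The junction check matters because Windows 7 keeps "C:\Documents and Settings" as a junction to "C:\Users" and "C:\Users\All Users" as a junction to "C:\ProgramData", which is why the FRST fixlog earlier in the thread moved the first copy of each Wondershare folder and then reported the second name as not found: they were the same directory. ConsentPromptBehaviorAdmin = 0 means administrators are elevated with no prompt at all; the Windows 7 default is 5. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): re-check items AdwCleaner and RogueKiller
# flagged above after the Clean pass and reboot. Run from an elevated PowerShell.
# Paths and keys are a subset copied from the AdwCleaner[R0] report in this thread;
# the profile names are the ones that appear there (assumed, adjust as needed).

$Paths = @(
    'C:\Program Files (x86)\Crawler',
    'C:\ProgramData\~0',
    'C:\ProgramData\Premium',
    'C:\ProgramData\SoftSafe',
    'C:\ProgramData\VideoConverter',
    'C:\Users\garytindall\AppData\Local\PackageAware',
    'C:\Users\garytindall\AppData\Local\Video Converter',
    'C:\Users\garytindall\AppData\Roaming\Search Protection',
    # Two names for one directory (FRST fixlog): expected to report "gone" with a Junction
    'C:\Documents and Settings\All Users\Wondershare Video Converter Ultimate',
    'C:\Users\All Users\Wondershare Video Converter Ultimate'
)

$Keys = @(
    'HKCU:\Software\CToolbar',
    'HKCU:\Software\smarttweak',
    'HKCU:\Software\YahooPartnerToolbar',
    'HKLM:\SOFTWARE\Conduit',
    'HKLM:\SOFTWARE\CToolbar',
    'HKLM:\SOFTWARE\Uniblue',
    'HKLM:\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}'
)

# Walk up a path and return the first ancestor that is a reparse point (junction
# or symlink). Windows 7 ships "C:\Documents and Settings" -> "C:\Users" and
# "C:\Users\All Users" -> "C:\ProgramData" as junctions, so one directory can be
# listed twice under different names in a cleanup script.
function Get-JunctionAncestor {
    param([string]$Path)
    $current = $Path
    while ($current -and $current -ne [System.IO.Path]::GetPathRoot($current)) {
        if (Test-Path -LiteralPath $current) {
            $item = Get-Item -LiteralPath $current -Force
            if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
                return $current
            }
        }
        $current = Split-Path -Path $current -Parent
    }
    return $null
}

function Test-Leftovers {
    foreach ($p in $Paths) {
        $status = if (Test-Path -LiteralPath $p) { 'STILL PRESENT' } else { 'gone' }
        New-Object PSObject -Property @{
            Kind = 'Path'; Target = $p; Status = $status
            Junction = (Get-JunctionAncestor -Path $p)
        }
    }
    foreach ($k in $Keys) {
        # On 64-bit Windows a 32-bit program's HKLM\SOFTWARE is redirected to
        # Wow6432Node, so check both registry views for each HKLM key.
        $candidates = @($k)
        if ($k -like 'HKLM:\SOFTWARE\*') {
            $candidates += ($k -replace '^HKLM:\\SOFTWARE\\', 'HKLM:\SOFTWARE\Wow6432Node\')
        }
        foreach ($c in $candidates) {
            $status = if (Test-Path -LiteralPath $c) { 'STILL PRESENT' } else { 'gone' }
            New-Object PSObject -Property @{
                Kind = 'RegKey'; Target = $c; Status = $status; Junction = $null
            }
        }
    }
}

# RogueKiller flagged ConsentPromptBehaviorAdmin = 0 as a PUM. 0 means UAC elevates
# administrators silently; the Windows 7 default is 5. Whether 0 was set on purpose
# is the owner's call, but it should not come as a surprise.
function Get-UacAdminPrompt {
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $prop   = Get-ItemProperty -Path $policy -Name ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue
    $value  = if ($prop) { $prop.ConsentPromptBehaviorAdmin } else { $null }
    $meaning = switch ($value) {
        0 { 'Elevate without prompting (UAC effectively off for admins)' }
        1 { 'Prompt for credentials on the secure desktop' }
        2 { 'Prompt for consent on the secure desktop' }
        3 { 'Prompt for credentials' }
        4 { 'Prompt for consent' }
        5 { 'Prompt for consent for non-Windows binaries (default)' }
        default { 'Value not set or unknown' }
    }
    New-Object PSObject -Property @{ ConsentPromptBehaviorAdmin = $value; Meaning = $meaning }
}

Test-Leftovers | Format-Table Kind, Status, Junction, Target -AutoSize
Get-UacAdminPrompt
```

Anything reported as STILL PRESENT after the Clean pass is worth pasting back into the thread rather than deleting by hand; a non-empty Junction column explains why a path may appear under two names in a removal log.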

  • Staff

Hello, 
 

Reran SystemLook and looks (to me) like it quarantined the Wondershare crap (attached logfile).

It doesn't look as if the SystemLook log attached. 
Also bear in mind that the programme is a diagnostic tool - running the FRST script from earlier is what removed the folders associated with Wondershare.
 

Safe hex?  What’s that?

Safe hex refers to the practice of safe Internet usage and surfing habits.

Refrain from aimlessly clicking links, opening unknown Email attachments, etc.
 

And should I continue using mbam AntiRootkit beta?

MBAR is a specialised ARK (Anti-Rootkit) programme; not intended for everyday use. Running the programme on a machine you believe to be clean is unnecessary. Furthermore, MBAM comes equipped with its own ARK module. 
 

Hope it’s not rife with false positives to evaluate.

ESET is the most thorough and comprehensive online scan available to use. This also makes the programme prone to false-positives (like every programme). ESET is perhaps more prone than most; but there is no substitute for thoroughness. Having the option to remove found threats unchecked allows the items flagged to be evaluated before removal. Any false-positives here will be identified. 
 
I recommend rerunning ESET and allowing the scan to complete. If the duration of the scan is too long, I can provide instructions for an alternative scan. 
 

Maybe you should suggest people run this tool overnight.

Good point, thank you. 
 

What's with all the master boot record errors?  Just an artifact of dual-booting Linux?

At times, RogueKiller will encounter Low Level reading errors. Perhaps this is due to the presence of Linux. 
There's no cause for concern here. 
 
The other reading errors are due to the nature of the devices attached. 
 
-------------------
 
Do you recognise these files?

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\MATRIX~1.SCR -> Found
[suspicious.Path] \\{A5192E77-5AF0-4288-A007-6D16F86CB347} -- C:\Users\garytindall\Desktop\Guru3D.com\Setup\RivaTuner224MSIMOA2009Edition.exe -> Found

 
Please attach the latest SystemLook log in your next reply, and let me know the situation in regards to ESET. 
We can address the items detected once the scan is complete, or I can provide an alternative scan.


Hi Adam –

Tossed mbar beta as per your advice.

Regarding the two questionable files you asked about at the end of your post, the MATRIX path is my screensaver and it’s OK albeit dated.  The second path RivaTuner is left over from a utility I used to use to better control a higher end NVIDIA GPU I once needed when I still had clients.  Matrix?  Keep.  RivaTuner?  Toss. The latter has remnants “Guru3D” that I have seen in past logs.

Here’s the old SystemLook log that didn’t make it to you…..somehow: ha

SystemLook 30.07.11 by jpshortstuff
Log created at 13:36 on 22/12/2014 by garytindall
Administrator - Elevation successful

========== filefind ==========

Searching for "*Wondershare*"
C:\Documents and Settings\garytindall\AppData\Roaming\Microsoft\Office\Recent\wondershare issue.doc.LNK  --a---- 732 bytes  [22:21 12/12/2014]  [10:11 21/12/2014] CBF58BE346F0E97CE7675CE239555CB7
C:\Documents and Settings\garytindall\Desktop\wondershare issue.doc  --a---- 35840 bytes  [22:21 12/12/2014]  [03:16 15/12/2014] BA541DF1033C06B9B2687478FAC3281E
C:\Users\garytindall\AppData\Roaming\Microsoft\Office\Recent\wondershare issue.doc.LNK  --a---- 732 bytes  [22:21 12/12/2014]  [10:11 21/12/2014] CBF58BE346F0E97CE7675CE239555CB7
C:\Users\garytindall\Desktop\wondershare issue.doc  --a---- 35840 bytes  [22:21 12/12/2014]  [03:16 15/12/2014] BA541DF1033C06B9B2687478FAC3281E

========== folderfind ==========

Searching for "*Wondershare*"
C:\FRST\Quarantine\C\Documents and Settings\All Users\Wondershare Video Converter Ultimate  d------  [13:12 01/08/2013]
C:\FRST\Quarantine\C\Documents and Settings\garytindall\AppData\Local\Wondershare  d------  [13:13 01/08/2013]
C:\FRST\Quarantine\C\Documents and Settings\Public\Documents\Wondershare  d------  [13:06 01/08/2013]
C:\FRST\Quarantine\C\Program Files\Common Files\Wondershare  d------  [13:13 01/08/2013]
C:\FRST\Quarantine\C\Program Files\Common Files\Wondershare\Wondershare Helper Compact  d------  [13:13 01/08/2013]

========== regfind ==========

Searching for "Wondershare"
[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Save As\File Name MRU]
"Value"="inst SymantecNISRejectedFRST64 instructions instructions2 BootRepair-GRUB wondershare issue"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File3"="C:\Users\garytindall\Desktop\WondershareIssueInfo.txt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File4"="C:\Users\garytindall\Desktop\WondershareIssueInfo.rtf"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Save As\File Name MRU]
"Value"="inst SymantecNISRejectedFRST64 instructions instructions2 BootRepair-GRUB wondershare issue"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File3"="C:\Users\garytindall\Desktop\WondershareIssueInfo.txt"
[HKEY_USERS\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File4"="C:\Users\garytindall\Desktop\WondershareIssueInfo.rtf"

-= EOF =-

Will run the online scanner overnight and repost as per previous instruction.

gt

Oh yeah, odd that I didn't get notification again this time.  No big deal but if happening elsewhere could be an issue for webmaster.  And thanks for calming me down about the MBR issues.  Just went thru a bunch of testdisk repair of overlapping partitions and GRUB bootloader repairs that were a result of win7 updates.  I think Gates (it's obvious he's given marketing control, as most corps have now) is at war with open source. ha


I like little posts.  Don't you?

Hi Adam –

Scan ran over 6hrs and had left my system boot HDD containing both OS for my 2nd of 2 HDD (G: in the log) that, depending on the characteristics of the variants found on C:, I see no need to scan. 

My question is had the program completed its scan of C: before it started scanning G:?  If not, should I reconfigure the scanner to not scan the secondary HDD?  Or even disconnect it for the scan?  Or, hopefully, do I even need to repeat the scan reconfigured?  I suspect the types of genuine infections found on C: and their characteristics would determine that.  But from what we’ve found so far, I suspect they are all false positives.

The 1TB secondary HDD had been automatically switched to dynamic by win7 against my wishes.  Something I need to fix later.  There’s mostly a bunch of backups on there that can now be tossed but a lot of stuff I need to move before reverting from dynamic disk or reconstructing partitions.  If necessary I will disconnect the secondary and treat it like ebola.  But I doubt any infection I may have would require that.

Your thoughts…..no matter how much it hurts? ha

gt

C:\Documents and Settings\All Users\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\MGtools\Process.exe  Win32/PrcView potentially unsafe application
C:\ProgramData\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 14.zip  a variant of Win32/InstalleRex.T potentially unwanted application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 20.zip  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 27.zip  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 30.zip  Win32/OpenCandy potentially unsafe application


  • Staff

Hello Gary, 

Or, hopefully, do I even need to repeat the scan reconfigured?

It's your choice. I can't guarantee the scan won't flag anything residing on other drives. You may wish to scan your other drives to be on the safe side. 

But from what we’ve found so far, I suspect they are all false positives.

Not exactly. 

Delete these folders:

C:\Documents and Settings\All Users\InstallMate
C:\ProgramData\InstallMate
C:\Users\All Users\InstallMate

These are installers for software on your computer. They bundle potentially unwanted programmes. There's no harm in deleting or leaving the files; it won't make a difference. 

C:\Documents and Settings\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\Users\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application

MGtools is from MajorGeeks. Security programmes are often flagged as unsafe for a variety of reasons, including whether files are compressed or packed, what behavior (routines, scripts, etc) they perform, certain registry strings they may contain and the type of security engine that was used during the scan. 

C:\MGtools\Process.exe  Win32/PrcView potentially unsafe application

These are backup files. I'll let you decide how you wish to proceed in regards to the files below. 

G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 14.zip  a variant of Win32/InstalleRex.T potentially unwanted application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 20.zip  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 27.zip  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
G:\GTLLC\Backup Set 2014-09-21 050342\Backup Files 2014-09-21 050342\Backup files 30.zip  Win32/OpenCandy potentially unsafe application

Please provide an update on your computer. Are there any outstanding issues?


HA!  What a coincidence.....even though as a conspiracy "theorist" I can't believe in that. ha  You shouldn't be working the holiday ya know.

OK…..here’s what I did.  I moved the pagefile back to the C: boot drive and set the scanner to only scan C:.  It still took over 4hrs to run, but it jumped to 30% in just the first 2 minutes.  Strange.  And the freakin bar stuck on 94 % for like 2hrs.  Somebody outa tell them to just get rid of that poorly developed misleading progress bar.

Will be dumping 300GB of win7 NT backups on the 1TB secondary HDD that probably have the stuff we’re removing in em.  Probably will just reformat after removing 300GB of other stuff I want to keep first.  Easy, safe and reliable solution to undoing the MS dynamic partitions that were forced upon me huh.

Hey…..Merry Christmas Eve!  No…..Happy Christmas and A Way Too Merry New Years!

gt

C:\Documents and Settings\All Users\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\All Users\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Documents and Settings\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\MGtools\Process.exe  Win32/PrcView potentially unsafe application
C:\ProgramData\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{100E0CB3-4BD1-4966-AB8D-03F3CBED2E45}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{17EB0527-1877-44BE-A655-5055CC0827D1}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{38F866E2-8C55-4C8E-AE65-C477E31B4414}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{536D27E9-7C69-4124-A3CF-344B888E051F}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{5FB9CA2C-AB4F-4C51-AEBA-E36D845AE8DA}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{6A83E855-02CA-4DA0-AF4B-4AE8B160CAA3}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{70BC4F2E-1A55-48B3-AA58-5277AB5F6DD8}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{7164A1CA-F979-3562-D789-B15BAA87833C}\_Setupx.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{72E896BB-1CC4-4B69-A982-54E6A90BB44D}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{7E422431-3549-4AA8-A843-7D6BA5A106C7}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{80881B22-0F1B-459B-A770-47395B6B39D4}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{866743FB-8862-4FCD-AD26-C0405D84610D}\Custom.dll  Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{A9AF1A12-AB80-461B-A4F0-E3A2724C38E4}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{C0EC6F14-DFF5-4302-A1E9-97D71B0F4DE2}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{F127D05F-8494-4807-AAEC-CCB62AC4F2A9}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{F9CA3017-71B2-4EFE-AC15-3990222912E1}\Custom.dll  a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\Gary Tindall\Documents\SystemStuff\CoolComputerStuff\disk-defrag-setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines\DuplicateCleaner_setup.exe  a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application

Will read your post now as you see if this log is different.  Probably isn't except for the G: stuff.


Hi Adam - Funny, the \Documents and Settings\All Users\InstallMate was the only folder present to delete.  The highlighted folders weren’t in the path indicated.

C:\Documents and Settings\All Users\InstallMate
C:\ProgramData\InstallMate
C:\Users\All Users\InstallMate

Will repeat the scan on the stuff I want to save from the secondary HDD sometime later.  There's practically a TB there, half of which I will need to scan.  I’m tossing all the win7 backups with unwanted stuff inside them.

“Not exactly.”  That’s funny.  While I don’t want to be wrong, I’m never afraid to be cause it’s still a learning experience.  Heck, I expect to be wrong with this stuff! ha

Yes, noticed the admin account I've been working in became noticeably snappier when I deleted that one folder:

C:\Documents and Settings\All Users\InstallMate

....the other two InstallMate folders just weren't there.

gt


Hi Adam -

SystemLook 30.07.11 by jpshortstuff
Log created at 02:54 on 26/12/2014 by garytindall
Administrator - Elevation successful

========== filefind ==========

Searching for "*InstallMate*"
No files found.

========== folderfind ==========

Searching for "*InstallMate*"
No folders found.

========== regfind ==========

Searching for "InstallMate"
No data found.

-= EOF =-

No email notification came again so got ahead of ya and cloned the 2 remaining win7 partitions assuming (hope this assumption works) you had completed the analysis.  Haven't yet reconstructed the 1TB secondary HDD but will tomorrow if I get an OK from you that this thread is closed.

Helping me on the holiday.  Man, that's dedicated.

gt


  • Staff

Hi Gary, 
 
Apologies for the delay. 
 
Lets get a fresh set of FRST logs before we finish up. 
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Hi Adam –

Glad you’re back….but I probably would've run away from all those requests for help a long time ago. ha

Reset my folder options and msconfig to diagnostic.  Restarted.  Then turned off my AV (not firewall).  And chose to keep the following files ESET found as potentially unsafe that are related to my custom themes:

C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\Users\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application
C:\Users\garytindall\Documents\SystemStuff\SystemImages\Themes\first2\Carbon_Fiber\Extras\VistaGlazzSetup.exe  Win32/OpenCandy potentially unsafe application

Deleted all the other stuff, the AskToolbar stuff.  Let me know if you really think I should remove these 4 OpenCandy items and I will.  Maybe I should scan these files individually on Kaspersky or another site that scans questionable singles?  Will do that first if that is necessary.

And here’s the log you requested after FRST updated itself autosaving an “OlderVersion” folder:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by garytindall (administrator) on GTLLC on 27-12-2014 13:24:04
Running from C:\Users\garytindall\Desktop
Loaded Profile: garytindall (Available profiles: Gary Tindall & Visitorer & Trusted Friend & garytindall & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Green Eclipse) C:\Program Files (x86)\StickyPad\StickyPad.exe
(Apple Inc.) C:\Program Files\iTunesHelper.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
HKLM-x32\...\Run: [DivXUpdate] => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM-x32\...\Run: [DivX Download Manager] => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM-x32\...\Run: [bATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\...\RunOnce: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\getting_started.html
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\RunOnce: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\getting_started.html
HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Run: [sticky Pad] => C:\Program Files (x86)\StickyPad\StickyPad.exe [516153 2013-02-08] (Green Eclipse)
HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Policies\Explorer: [NoInternetOpenWith] 1
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2552641736-1398428658-1438833275-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {B60E0077-79C2-4797-A3CB-25B6D2C8F222} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {B60E0077-79C2-4797-A3CB-25B6D2C8F222} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default
FF Homepage: https://us-mg4.mail.yahoo.com/neo/launch?.rand=a9omccd1ji3hu#3761198123
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: WOT - C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-04]
FF Extension: DownloadHelper - C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: NoScript - C:\Users\garytindall\AppData\Roaming\Mozilla\Firefox\Profiles\wqucbu05.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-27]
FF HKU\S-1-5-21-2552641736-1398428658-1438833275-500\...\Firefox\Extensions: [{df340737-4d2d-473e-a376-cc713ef560ba}] - C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox70Connector

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [22736 2014-07-14] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001_d35\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [121552 2014-07-14] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141226.001\IDSvia64.sys [637656 2014-12-11] (Symantec Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141226.018\ENG64.SYS [129752 2014-12-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141226.018\EX64.SYS [2137304 2014-12-11] (Symantec Corporation)
R2 ParagonLDM; C:\Windows\system32\drivers\biont_bs.sys [19208 2014-04-11] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 UnHooker; C:\Windows\SysWOW64\DRIVERS\UnHooker.sys [25400 2010-01-20] ()
S1 ccHP; \SystemRoot\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 13:24 - 2014-12-27 13:24 - 00019129 _____ () C:\Users\garytindall\Desktop\FRST.txt
2014-12-27 13:22 - 2014-12-27 13:22 - 00000000 ____D () C:\Users\garytindall\Desktop\FRST-OlderVersion
2014-12-26 02:10 - 2014-12-26 02:10 - 00000000 ____D () C:\Users\garytindall\AppData\Local\Green Eclipse
2014-12-26 02:09 - 2014-12-27 12:58 - 00000224 _____ () C:\Windows\setupact.log
2014-12-26 02:09 - 2014-12-26 02:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-25 22:29 - 2014-12-25 22:29 - 00002715 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\New sticky note.lnk
2014-12-25 22:29 - 2014-12-25 22:29 - 00000000 ____D () C:\Program Files (x86)\StickyPad
2014-12-24 05:04 - 2014-12-24 05:05 - 00000000 ____D () C:\Users\garytindall\Desktop\PagefileReset
2014-12-22 13:43 - 2014-12-22 14:03 - 00000000 ____D () C:\AdwCleaner
2014-12-22 11:23 - 2014-12-22 11:23 - 00000263 _____ () C:\DelFix.txt
2014-12-22 11:23 - 2014-12-22 11:23 - 00000000 ____D () C:\Windows\ERUNT
2014-12-21 01:54 - 2014-12-27 13:24 - 00000000 ____D () C:\FRST
2014-12-21 01:53 - 2014-12-27 13:22 - 02122752 _____ (Farbar) C:\Users\garytindall\Desktop\FRST64.exe
2014-12-20 22:07 - 2014-12-20 22:07 - 00000000 ____D () C:\Recovery
2014-12-20 21:18 - 2014-12-27 13:19 - 00000000 ____D () C:\Users\garytindall\Desktop\mbamMalwareRemovalForum
2014-12-20 18:39 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-20 18:39 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 17:45 - 2014-12-16 17:49 - 17545088 _____ () C:\Users\Gary Tindall\Downloads\The_Ebola_Virus.mp4
2014-12-16 16:41 - 2014-12-16 18:10 - 531204934 _____ () C:\Users\Gary Tindall\Downloads\TheWildBunch.mp4
2014-12-16 16:39 - 2014-12-16 16:39 - 00000410 _____ () C:\Users\Gary Tindall\Downloads\d142f4fa21.360.mp4
2014-12-14 22:18 - 2014-12-14 22:18 - 00000000 ____D () C:\Program Files (x86)\zzAutoruns
2014-12-14 22:02 - 2014-12-14 22:02 - 00139264 _____ () C:\Program Files (x86)\SystemLook Finder.exe
2014-12-13 10:56 - 2014-12-22 14:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 10:55 - 2014-12-13 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 10:55 - 2014-12-13 10:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-13 10:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 15:27 - 2014-12-22 14:44 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-12 15:27 - 2014-12-12 16:37 - 00000000 ____D () C:\MGtools
2014-12-12 15:27 - 2014-12-12 15:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-12 13:18 - 2014-12-12 16:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-12 05:08 - 2014-12-12 05:08 - 00000000 ____D () C:\Users\garytindall\AppData\Local\Adobe
2014-12-12 03:54 - 2014-12-12 03:56 - 00000000 ____D () C:\ProgramData\Acronis
2014-12-12 03:54 - 2014-12-12 03:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-12-12 03:54 - 2014-12-12 03:54 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-12-12 03:48 - 2014-12-12 03:48 - 00000000 ____D () C:\Users\Gary Tindall\AppData\Local\Adobe
2014-12-12 03:07 - 2014-12-12 03:07 - 00001979 _____ () C:\Users\Gary Tindall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sleep 2.0.lnk
2014-12-12 03:07 - 2014-12-12 03:07 - 00000000 ____D () C:\Program Files (x86)\Sleep 2.0
2014-12-12 02:45 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 02:45 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-12 02:45 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 02:45 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 02:45 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 02:45 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-12 02:45 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-12 02:45 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-12 02:45 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-12 02:45 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-12 02:42 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 02:42 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-12 02:40 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 02:40 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 02:40 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-12 02:23 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 02:23 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-12 02:23 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 02:23 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 02:23 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 02:23 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 02:23 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 02:23 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 02:23 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 02:23 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 02:23 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 02:23 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 02:23 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 02:23 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 02:23 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 02:23 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 02:23 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 02:23 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-12 02:23 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 02:23 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-12 02:23 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 02:23 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 02:23 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 02:23 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-12 02:23 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-12 02:23 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-12 02:23 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 02:23 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-12 02:23 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-12 02:23 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-12 02:23 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-12 02:23 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-12 02:23 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-12 02:23 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 02:23 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 02:23 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 02:23 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 02:23 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-12 02:23 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 02:23 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-12 02:23 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-12 02:23 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-12 02:23 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-12 02:23 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-12 02:23 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 02:23 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-12 02:23 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-12 02:23 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-12 02:23 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 02:23 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-12 02:23 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 02:23 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-12 02:23 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-12 02:23 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-12 02:06 - 2014-12-12 02:07 - 01885321 _____ () C:\Users\Gary Tindall\Desktop\Feel_Anticipation_Glade_Holiday_Commercial_with_Kevin_Ross.mp4
2014-12-12 01:30 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 01:30 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 12:15 - 2014-12-11 14:05 - 00000000 ____D () C:\MGADiagToolOutput
2014-12-11 11:35 - 2014-12-11 11:35 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2014-12-10 00:51 - 2014-12-10 01:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 21:28 - 2014-12-12 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-06 21:28 - 2014-12-06 21:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-06 21:23 - 2014-12-12 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\Mozilla Plugins
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\iTunesHelper.Resources
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\iTunes.Resources
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\iTunes
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\iPod
2014-12-06 21:22 - 2014-12-06 21:22 - 00000000 ____D () C:\Program Files\CD Configuration
2014-12-06 20:23 - 2014-12-06 20:23 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-12-06 20:22 - 2014-12-06 20:22 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-11-28 04:02 - 2014-11-28 04:02 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 13:05 - 2009-07-13 20:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 13:05 - 2009-07-13 20:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 13:02 - 2009-07-13 21:13 - 00118132 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 13:01 - 2014-11-15 00:56 - 00916950 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 12:58 - 2010-11-19 09:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 12:58 - 2009-12-22 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-27 12:58 - 2009-12-22 15:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-12-27 12:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 12:55 - 2010-09-02 23:17 - 00000000 ____D () C:\Windows\pss
2014-12-25 22:42 - 2010-11-19 09:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 22:33 - 2010-08-02 02:12 - 00000000 ____D () C:\Users\garytindall\AppData\Local\CrashDumps
2014-12-24 04:56 - 2012-06-22 22:09 - 00000000 ____D () C:\Users\Gary Tindall\Downloads\NewUtilitiesToShareAcrossMachines
2014-12-22 16:34 - 2014-09-28 06:10 - 00000000 ____D () C:\Users\garytindall\AppData\Roaming\vlc
2014-12-21 07:13 - 2011-06-19 03:56 - 00000008 __RSH () C:\Users\Gary Tindall\ntuser.pol
2014-12-21 07:13 - 2010-06-08 06:55 - 00000000 ____D () C:\Users\Gary Tindall
2014-12-21 06:34 - 2011-06-19 00:51 - 00000008 __RSH () C:\Users\garytindall\ntuser.pol
2014-12-21 06:34 - 2010-07-11 08:32 - 00000000 ____D () C:\Users\garytindall
2014-12-21 06:33 - 2010-08-23 13:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-21 06:30 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-21 02:23 - 2010-07-15 23:34 - 00000000 ____D () C:\Users\garytindall\Documents\SystemStuff
2014-12-20 22:05 - 2010-05-21 11:24 - 00000000 ____D () C:\ProgramData\Recovery
2014-12-16 23:57 - 2012-10-13 15:01 - 00000000 ____D () C:\Users\Gary Tindall\AppData\Roaming\Audacity
2014-12-15 14:25 - 2010-06-09 00:58 - 00000000 ____D () C:\Users\Gary Tindall\AppData\Roaming\Media Player Classic
2014-12-15 13:08 - 2010-12-14 21:32 - 00000000 ____D () C:\Users\Gary Tindall\Documents\Issues
2014-12-14 16:23 - 2011-03-20 00:52 - 00000000 ____D () C:\Users\Gary Tindall\Documents\Health
2014-12-13 16:48 - 2011-01-10 16:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-13 10:55 - 2011-01-10 16:54 - 00000000 ____D () C:\Users\garytindall\AppData\Roaming\Malwarebytes
2014-12-13 10:55 - 2011-01-10 16:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-13 00:35 - 2011-03-04 04:08 - 00000000 ____D () C:\Users\Gary Tindall\Documents\MoneyAndLaw
2014-12-12 18:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 16:34 - 2011-09-12 00:31 - 00000000 ____D () C:\Users\Visitorer.CrescereMarineE
2014-12-12 16:34 - 2011-09-12 00:29 - 00000000 ____D () C:\Users\Trusted Friend
2014-12-12 16:34 - 2011-06-19 01:45 - 00000000 ____D () C:\Users\Visitorer
2014-12-12 13:32 - 2012-09-25 18:16 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-12 12:45 - 2010-09-09 01:06 - 00000000 ____D () C:\Users\garytindall\Documents\StickyPadNotes
2014-12-12 12:35 - 2014-09-15 19:23 - 00000000 ____D () C:\Users\Gary Tindall\AppData\Roaming\vlc
2014-12-12 02:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 02:53 - 2013-07-11 02:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 02:46 - 2010-05-11 21:09 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 01:15 - 2009-12-22 16:37 - 00000000 ____D () C:\ProgramData\Norton
2014-12-12 01:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-12-12 01:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-12 01:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-12 01:13 - 2014-06-06 16:59 - 00000000 ____D () C:\Program Files (x86)\mbar (MalwareBytesRootkitUtility)
2014-12-11 13:07 - 2013-03-24 14:26 - 00000000 ____D () C:\Users\Gary Tindall\Documents\MyStuffPartsAndManuals
2014-12-11 03:17 - 2012-06-11 04:31 - 00000000 ____D () C:\NST
2014-12-10 00:23 - 2010-06-07 12:03 - 00000000 ____D () C:\Windows\CSC
2014-12-09 19:42 - 2010-06-08 12:15 - 00000000 ____D () C:\Users\Gary Tindall\Documents\SystemStuff
2014-12-06 21:52 - 2012-10-10 23:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 21:40 - 2011-01-14 16:04 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-12-06 21:39 - 2011-01-14 16:04 - 00000000 ____D () C:\Program Files\Paint.NET
2014-12-06 21:22 - 2014-04-24 14:00 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-06 21:21 - 2014-07-18 22:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-06 21:17 - 2010-05-11 22:18 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-12-06 21:14 - 2014-11-15 00:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-06 21:03 - 2014-09-09 22:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-06 21:03 - 2014-09-09 22:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 00:11

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by garytindall at 2014-12-27 13:25:07
Running from C:\Users\garytindall\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alarm (HKLM-x32\...\Alarm_is1) (Version: 2.0.7 - Bluefive software)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.3.0 - Auslogics Labs Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
Canon iX6500 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6500_series) (Version:  - )
Canon iX6500 series User Registration (HKLM-x32\...\Canon iX6500 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Video Repair 2.2.3.0 (HKLM-x32\...\DigitalVideoRepair_is1) (Version: 2.2.3.0 - Rising Research)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Duplicate Cleaner 2.1b (HKLM-x32\...\Duplicate Cleaner) (Version: 2.1b - DigitalVolcano)
Duplicate Cleaner Free 3.0.0 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.0.0 - DigitalVolcano) <==== ATTENTION
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExtremeCopy (HKLM\...\{DFCE9296-5A54-468F-A0A9-98B978DFCD26}) (Version: 2.1.0000 - Easersoft)
ExtremeCopy (HKLM-x32\...\{23D6630B-7538-483B-8B27-6452AE3BA628}) (Version: 1.00.0000 - Easersoft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FilExile (HKLM-x32\...\{1310229C-E62A-4F05-87DB-13979A5D2EFC}_is1) (Version: 1.51 - Bryan Carey)
Free iPod Video Converter 1.34 (HKLM-x32\...\Free iPod Video Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free Registry Defrag (HKLM-x32\...\Free Registry Defrag_is1) (Version:  - iExpert Software)
Freemake Video Converter version 4.0.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.0 - AutomaticSolution Software)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
IM ToolPack (HKLM-x32\...\{B55EFE6E-EE08-44FC-855E-DA4D9D39FC5F}_is1) (Version: 1.0.0.56 - Crawler, LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
IZArc 4.1.9 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.9 - Ivan Zahariev)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Karen's Calculator (HKLM-x32\...\Karen's Calculator) (Version: 1.2.0.0 - Karen Kenworthy)
Karen's Directory Printer (HKLM-x32\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Macrorit Disk Partition Expert 2013 (HKLM-x32\...\Macrorit Disk Partition Expert) (Version: 2013 - Macrorit Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrix-ks (HKLM-x32\...\{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}) (Version: 3.6 - KellySoftware)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
MFC RunTime files x64 (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MPC-HC 1.7.0 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Neuview Standard and Professional 6.08 (HKLM-x32\...\Neuview Pro_is1) (Version: 6.08.0253 - QO Developments)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 3.0.0.66 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5957 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{141BA46D-2D1F-4DA6-9448-B847334585C0}) (Version: 4.0.4 - dotPDN LLC)
Paragon ExtFS for Windows (HKLM-x32\...\DokanLibrary) (Version:  - )
Pixelfusion WMP Plugin 2.72 (HKLM-x32\...\Pixelfusion WMP Plugin_is1) (Version: 2.72.0001 - QO Labs)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Puran Defrag 7.7 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Rename Master (HKLM-x32\...\Rename Master_is1) (Version:  - )
Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 4.0 SR8 (HKLM-x32\...\{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}) (Version: 4.0.50401 - Robert McNeel & Associates)
Rhinoceros 4.0 SR9 (HKLM-x32\...\{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}) (Version: 4.0.60309 - Robert McNeel & Associates)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sleep 2.0 (HKLM-x32\...\{ABEB180F-8500-4CE2-9D8D-023A8C8A42DD}) (Version: 1.0.0 - nicckko)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
StickyPad (HKLM-x32\...\{08CE81A5-3D9D-4F9A-AEB2-07DB44ADCC2A}) (Version: 2.3.54 - Green Eclipse)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Logon Background Changer (HKLM-x32\...\{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}) (Version: 1.3.4 - Julien MANICI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-12-2014 21:38:51 paint.net 4.0.4
09-12-2014 22:41:24 beforeDecUpdates
09-12-2014 22:43:33 Windows Update
09-12-2014 23:30:02 Windows Update
11-12-2014 03:49:17 Installed Sleep 2.0
11-12-2014 13:27:58 Windows Modules Installer
12-12-2014 01:11:04 Restore Operation
12-12-2014 02:43:02 Windows Update
12-12-2014 03:06:12 Installed Sleep 2.0
12-12-2014 16:21:59 Checkpoint by HitmanPro
14-12-2014 18:55:58 Removed StickyPad
14-12-2014 18:59:52 Installed StickyPad
20-12-2014 18:39:41 Windows Update
22-12-2014 11:38:35 beforeregmod
25-12-2014 22:28:06 Installed StickyPad

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D092998-5520-4D6D-A370-7A343FFFF526} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1601B0F1-5F95-43D6-895A-87B0D872CB56} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-17] (PC-Doctor, Inc.)
Task: {1D6D599D-14EA-4F03-93D2-543861847B6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {1DD353BE-B8E5-4DF5-8FAE-B890AA8206D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2552641736-1398428658-1438833275-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1F9F558D-CEEC-4A78-B155-BA05F94E3165} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2552641736-1398428658-1438833275-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {28CC9AB9-F098-4C2D-89F7-7C3086E28D42} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {3BB5E0C7-C1CE-4403-916A-F92E9FF66D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {5A8ECAE2-9A3E-4A61-9E03-549F46377E1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {62C2678D-CC67-43B1-ACBA-E04CA4A3E0DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: {69B8B192-66E0-431D-97FE-98940842AA35} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2552641736-1398428658-1438833275-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6DBE2276-7E49-426A-8B99-18DC9D88A03E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2552641736-1398428658-1438833275-500 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {71131AE1-377E-415D-99BE-FD0664A5EB10} - System32\Tasks\{1A68262C-7A22-4ADB-8982-9C7EC2D68521} => pcalua.exe -a C:\Users\garytindall\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\garytindall\Desktop
Task: {7B91C4CB-B97C-4AA0-9001-F6AE7F6AD676} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {82865C76-0BF0-4D65-B8D3-E03CCE8FC5AA} - System32\Tasks\{A5192E77-5AF0-4288-A007-6D16F86CB347} => C:\Users\garytindall\Desktop\Guru3D.com\Setup\RivaTuner224MSIMOA2009Edition.exe
Task: {91DB0511-A668-4897-80B3-A0B4DC104616} - System32\Tasks\{857DF165-D14D-439F-8FFE-0C8049182E1B} => pcalua.exe -a "C:\Users\Gary Tindall\Downloads\sp46377.exe" -d "C:\Users\Gary Tindall\Downloads"
Task: {BADE331E-A879-431F-B7E0-7A28453CD10F} - System32\Tasks\{843EF862-3E0D-44A3-910E-BF784FD6DBA7} => pcalua.exe -a C:\Users\garytindall\Desktop\sp44605.exe -d C:\Users\garytindall\Desktop
Task: {BBFFCB20-B127-41AD-89E2-077CC3A9CACA} - System32\Tasks\{151FA89F-7217-4D41-BB4F-5FEEF4647DCE} => pcalua.exe -a "C:\Users\Crescere Marine Eng\Desktop\Acrobat 6.0\Adobe Acrobat 6.0 Professional.exe" -d "C:\Users\Crescere Marine Eng\Desktop\Acrobat 6.0"
Task: {BD595A72-E3D8-45ED-BF4B-A2D7EE9B489D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2552641736-1398428658-1438833275-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6951885-A1C5-42CC-A239-09104BE7BCC0} - System32\Tasks\{7A6C7510-9E93-49D1-99E3-15DA34170B6E} => pcalua.exe -a "E:\Acrobat 6.0\Adobe Acrobat 6.0 Professional.exe" -d "E:\Acrobat 6.0"
Task: {D45A11F9-BA55-4EFE-9088-C87F8A91D537} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {D4941726-D71F-4C89-9559-7E89170BB0D9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6E93C6A-0FA7-45BE-8C9F-F257CCAF8B3E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2552641736-1398428658-1438833275-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {EAB516AF-BFBF-4E8E-A343-B8F8EF66243C} - System32\Tasks\{2395A212-F97A-43A8-A540-CBA7072DF865} => C:\Program Files\Perfect Uninstaller\PU.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-09-16 09:37 - 2014-07-02 10:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-14 04:20 - 2014-07-14 04:20 - 00022736 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2012-12-04 18:00 - 2012-07-20 13:39 - 02469888 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2012-07-06 19:50 - 2009-02-19 16:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70296561.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70296561.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: LightScribeService => 3

========================= Accounts: ==========================

Gary Tindall (S-1-5-21-2552641736-1398428658-1438833275-1004 - Limited - Enabled) => C:\Users\Gary Tindall
garytindall (S-1-5-21-2552641736-1398428658-1438833275-500 - Administrator - Enabled) => C:\Users\garytindall
Guest (S-1-5-21-2552641736-1398428658-1438833275-501 - Limited - Disabled) => C:\Users\Visitorer
Trusted Friend (S-1-5-21-2552641736-1398428658-1438833275-1010 - Limited - Enabled) => C:\Users\Trusted Friend
Visitorer (S-1-5-21-2552641736-1398428658-1438833275-1009 - Limited - Enabled) => C:\Users\Visitorer.CrescereMarineE

==================== Faulty Device Manager Devices =============

Name: Symantec Hash Provider
Description: Symantec Hash Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccHP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/26/2014 02:09:14 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2208) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00190.log.


System errors:
=============
Error: (12/27/2014 00:58:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccHP
UnHooker

Error: (12/27/2014 00:58:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/27/2014 00:53:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccHP
UnHooker

Error: (12/27/2014 00:52:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/26/2014 02:49:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccHP
UnHooker

Error: (12/26/2014 02:49:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/26/2014 02:09:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 02:09:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/26/2014 02:09:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccHP
UnHooker

Error: (12/26/2014 02:08:46 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:20 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/26/2014 02:09:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (12/26/2014 02:09:14 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/26/2014 02:09:14 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows2208Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00190.log-1811


CodeIntegrity Errors:
===================================
  Date: 2012-10-31 21:42:35.480
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:35.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:33.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:33.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:32.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:32.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:31.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:30.987
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:24.997
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:24.856
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon II X2 215 Processor
Percentage of memory in use: 20%
Total physical RAM: 7935.24 MB
Available physical RAM: 6303.37 MB
Total Pagefile: 15868.66 MB
Available Pagefile: 14241.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:418.72 GB) (Free:220.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (Backups) (Fixed) (Total:409.84 GB) (Free:48.65 GB) NTFS
Drive j: (PagefilePlus) (Fixed) (Total:58.89 GB) (Free:58.79 GB) NTFS
Drive k: (BackupsOld) (Fixed) (Total:365.12 GB) (Free:80.76 GB) NTFS
Drive l: (BertsFiles) (Fixed) (Total:97.66 GB) (Free:27.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=418.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=169.4 GB) - (Type=83)
Partition 4: (Not Active) - (Size=8 GB) - (Type=82)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D1005E71)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=58.9 GB) - (Type=42)
Partition 3: (Not Active) - (Size=872.6 GB) - (Type=42)

==================== End Of Log ============================

Link to post
Share on other sites
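The System errors and CodeIntegrity sections of the log above are raw FRST output, and the entries that matter to a reviewer are buried among index-corruption noise. As an added example (not part of the original thread, and not code from FRST or Malwarebytes), the Python below parses those two section formats and pulls out what is worth checking: drivers the Service Control Manager could not start (EventID 7026), images the loader refused (Application Popup EventID 1060), and images CodeIntegrity could not verify, with a count and last-seen date per path. The sample text is a constructed excerpt of entries copied from this log; the regexes, function names and the SysWow64 flag are my own (64-bit kernel drivers are normally loaded from System32\drivers, so a driver path under SysWow64 is a heuristic worth a look, not an FRST rule).

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the FRST log above, trimmed.
SAMPLE_LOG = r"""
System errors:
=============
Error: (12/27/2014 00:58:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccHP
UnHooker

Error: (12/27/2014 00:58:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\UnHooker.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/26/2014 02:09:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity Errors:
===================================
  Date: 2012-10-31 21:42:35.480
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-31 21:42:35.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
"""

# FRST event header: Error: (timestamp) (Source: X) (EventID: N) (User: U)
EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
# CodeIntegrity text; the path is everything up to " because " (paths contain spaces).
CI_RE = re.compile(
    r"Windows is unable to verify the image integrity of the file "
    r"(?P<path>.+?) because (?P<reason>.+?)\."
)
BLOCKED_RE = re.compile(r"^(?P<path>.+?) has been blocked from loading")
FAILED_DRIVERS_TEXT = "driver(s) failed to load:"


def parse_events(log_text):
    """Parse 'Error: (...)' entries; description runs to the next blank line,
    so multi-line payloads (driver names under EventID 7026) are kept."""
    events, lines, i = [], log_text.splitlines(), 0
    while i < len(lines):
        m = EVENT_RE.match(lines[i])
        if not m:
            i += 1
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        desc, i = [], i + 1
        if i < len(lines) and lines[i].startswith("Description:"):
            desc.append(lines[i][len("Description:"):].strip())
            i += 1
            while i < len(lines) and lines[i].strip():
                desc.append(lines[i].strip())
                i += 1
        ev["description"] = desc
        events.append(ev)
    return events


def parse_code_integrity(log_text):
    """Return (date, path, reason) for each CodeIntegrity 'unable to verify' entry."""
    entries, date = [], None
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("Date:"):
            date = s[len("Date:"):].strip()
        elif s.startswith("Description:"):
            m = CI_RE.search(s)
            if m:
                entries.append((date, m.group("path"), m.group("reason")))
    return entries


def triage(log_text):
    """Summarise the driver/image findings a reviewer checks first."""
    blocked, failed = set(), Counter()
    for ev in parse_events(log_text):
        if not ev["description"]:
            continue
        if ev["event_id"] == 1060:
            m = BLOCKED_RE.match(ev["description"][0])
            if m:
                blocked.add(m.group("path"))
        elif ev["event_id"] == 7026 and FAILED_DRIVERS_TEXT in ev["description"][0]:
            failed.update(ev["description"][1:])   # one driver name per line
    unverified = {}
    for date, path, _reason in parse_code_integrity(log_text):
        info = unverified.setdefault(path, {"count": 0, "last_seen": ""})
        info["count"] += 1
        info["last_seen"] = max(info["last_seen"], date or "")  # ISO-style, sorts as text
    return {
        "blocked_drivers": sorted(blocked),
        "failed_boot_drivers": dict(failed),
        "unverified_images": unverified,
        # Heuristic (my assumption): x64 kernel drivers live under System32\drivers.
        "wow64_driver_paths": sorted(p for p in blocked if "\\syswow64\\" in p.lower()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The last_seen field is what separates stale noise from live findings: in this log the CodeIntegrity entries are from October 2012 while the UnHooker.sys and ccHP load failures repeat on every boot in December 2014, so the latter are the ones to resolve before trusting the machine for a fresh backup.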

One more tidbit for ya:  I recall after purchasing this unit years ago that I ran Belarc and the dual-capability of my CPU wasn't listed so I had to go in and manually switch on the dual capacity of my processor.  Like, these AMD duals aren't shipped with dual capacity turned on.  And I imagine hardly anybody knows this.  Your thoughts?

gt

Link to post
Share on other sites

This topic is now closed to further replies.