
Bad case of malware, please help!



Hi,

 

I have been directed to this forum from where I originally posted this....

 

 

I have ads popping up on every webpage, tabs opening without permission, text on websites highlighted like links, which are more ads

 

I managed to download and have run adwcleaner.

 

I have the results for this.

 

I was ready to clean and/or install (almost) everything it found, but I saw some registry files which begin

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

                             ---or----                                              \Installer\UserData

 

etc

 

are these safe to delete?

 

Is this technically adware?

 

Please help.

 

Many, many thanks

 

 


Yes they are. AdwCleaner creates a back-up of what is targeted to be deleted so you can always restore them.

I also suggest you create a new system restore point and back-up the registry before you clean with AdwCleaner.

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done.

    MrC


I need to see 2 FRST logs and log from RogueKiller

Make sure you ran Malwarebytes as outlined.

 

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

 
<====><====><====><====><====><====><====><====>
 
1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.


Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Wait for the Prescan to finish

Click Scan to scan the system.
When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <-------W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

 

 


I know this may be a bit pointless, but as I said, I ran the scan, found some stuff and quarantined them.

When you replied, I re-scanned, and it found nothing, this (for what it's worth) is the re-scan log.

 

I will find the first scan results and post them.

 

-------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/02/2015
Scan Time: 15:52:10
Logfile: malwarebytes second scan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.05.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lux
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349002
Time Elapsed: 21 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

ok, here is first scan log that found stuff

 

-------------------------------------------------------------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/02/2015
Scan Time: 14:00:28
Logfile: malwarebytes first scan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.05.05
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: lux
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349122
Time Elapsed: 22 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [03d674a65931b185a63dbc47f11238c8], 
PUP.Optional.WebSteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [03d674a65931b185a63dbc47f11238c8], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [03d674a65931b185a63dbc47f11238c8], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1241543417-744128970-1710732207-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5188a3772664c0762f9abc4292708d73], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6f16816a}, Quarantined, [12c7f6246d1dc373a5e1c8e0b44f53ad], 
PUP.Optional.LowPricesApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [11c8c1593c4eef472f2f374725dee11f], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
Rogue.Multiple, C:\ProgramData\1887373585, Quarantined, [9b3ec159a9e13cfa414ea09c3fc4b749], 
PUP.Optional.LowPricesApp.A, C:\ProgramData\LowPricesApp, Quarantined, [11c8c1593c4eef472f2f374725dee11f], 
 
Files: 20
PUP.Optional.WebSteroids.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Quarantined, [03d674a65931b185a63dbc47f11238c8], 
Trojan.Agent, C:\Users\lux\AppData\Local\Temp\Quarantine.exe, Quarantined, [b6236ab06723c5715dfa29f24cb638c8], 
PUP.Optional.BundleInstaller, C:\Users\lux\Downloads\MSN Messenger (1).exe, Quarantined, [a8312bef9af054e226148a03946da55b], 
PUP.Optional.BundleInstaller, C:\Users\lux\Downloads\MSN Messenger (2).exe, Quarantined, [95448892751569cd4cee6b22837e926e], 
PUP.Optional.BundleInstaller, C:\Users\lux\Downloads\MSN Messenger.exe, Quarantined, [25b450cae5a53006be7c6d2014eda15f], 
PUP.Optional.OutBrowse, C:\Users\lux\Downloads\Java_setup.exe, Quarantined, [bd1c23f7cdbd9f9703faa1791fe3ac54], 
PUP.Optional.Bandoo, C:\Users\lux\Downloads\iLividSetup-r394-n-bc.exe, Quarantined, [17c232e8c6c41521a50ae04f36cb22de], 
PUP.Optional.MusicToolbar.A, C:\Users\lux\Downloads\BearShareSetup-r133-n-bc.exe, Quarantined, [e6f3a476177387af0d3d80c1827ff60a], 
PUP.Optional.DomaIQ, C:\Users\lux\Downloads\Setup (1).exe, Quarantined, [d702e634cebc39fd673c9fbd59a7b14f], 
PUP.Optional.JumpyApps.A, C:\Users\lux\Downloads\ZipOpenerSetup.exe, Quarantined, [c2173fdb7c0e320485d991df3ec322de], 
PUP.Optional.Bandoo.A, C:\Users\lux\Downloads\iMeshSetup-r393-n-bc (1).exe, Quarantined, [e0f9b76339513105e397f2613fc21fe1], 
PUP.Optional.Bandoo.A, C:\Users\lux\Downloads\iMeshSetup-r393-n-bc.exe, Quarantined, [1fba849622684aecbfbb8fc4e9188f71], 
PUP.Optional.OutBrowse, C:\Users\lux\Downloads\Installation.exe, Quarantined, [31a83dddf9911f175296722f788d24dc], 
PUP.Optional.Conduit.A, C:\Users\lux\Downloads\4Sync-1.0.6cm.exe, Quarantined, [b128a7738604979fac347ec7897742be], 
PUP.Optional.AZLyrics.A, C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [05d48e8cc3c733039f4765277291c23e], 
PUP.Optional.AZLyrics.A, C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [657484965f2b50e6a442d3b9768dce32], 
PUP.Optional.ShowPass.A, C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage, Quarantined, [954436e41e6c57df1b1cc1defe050af6], 
PUP.Optional.ShowPass.A, C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage-journal, Quarantined, [10c91efcabdf91a5ea4dd7c838cb6898], 
Rogue.Multiple, C:\ProgramData\1887373585\BIT7FAF.tmp, Quarantined, [9b3ec159a9e13cfa414ea09c3fc4b749], 
PUP.Optional.LowPricesApp.A, C:\ProgramData\LowPricesApp\LowPricesApp.exe, Quarantined, [11c8c1593c4eef472f2f374725dee11f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
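Added example (not part of the original posts, and not Malwarebytes' own code): a small Python parser for the Threat Scan text-log layout posted above. It separates PUP-class detections from the Trojan/Rogue ones and checks each section's declared count against the lines actually pasted. The sample log is constructed from lines in the post with the bracketed IDs replaced by placeholders; the `Setup, final.exe` path and the short `Files` section are made up to exercise the edge cases.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section name target action")

# Result sections of the text log shown in the post. Header fields such as
# "Objects Scanned: 349122" share the "Label: number" shape, so sections
# are matched by name rather than by a generic pattern.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# Item layout: name, target, action, [id],   (target may itself contain ", ")
ITEM_RE = re.compile(r"^([^,]+), (.+), ([^,]+), \[([^\]]*)\],$")

# Constructed sample: names and most paths copied from the log above,
# bracketed IDs replaced by placeholders, last path and "Files: 4" invented.
SAMPLE_LOG = r"""
Scan Type: Threat Scan
Objects Scanned: 349122
Time Elapsed: 22 min, 18 sec

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.WebSteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [id-1], 
PUP.Optional.LowPricesApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [id-2], 

Folders: 1
Rogue.Multiple, C:\ProgramData\1887373585, Quarantined, [id-3], 

Files: 4
Trojan.Agent, C:\Users\lux\AppData\Local\Temp\Quarantine.exe, Quarantined, [id-4], 
PUP.Optional.OutBrowse, C:\Users\lux\Downloads\Java_setup.exe, Quarantined, [id-5], 
PUP.Optional.DomaIQ, C:\Users\lux\Downloads\Setup, final.exe, Quarantined, [id-6], 
"""


def parse_log(text):
    """Return (detections, declared); declared maps section -> stated count."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append(
                Detection(section, m.group(1), m.group(2), m.group(3)))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose parsed item count differs from the declared count,
    as {section: (declared, parsed)}. A mismatch suggests the pasted log
    was truncated or edited before posting."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed.get(s, 0))
            for s, n in declared.items() if parsed.get(s, 0) != n}


def triage(detections):
    """Return (counts per top-level class, non-PUP detections,
    detections whose action is not 'Quarantined')."""
    by_class = Counter(d.name.split(".")[0] for d in detections)
    non_pup = [d for d in detections if not d.name.startswith("PUP.")]
    unhandled = [d for d in detections if d.action != "Quarantined"]
    return by_class, non_pup, unhandled


if __name__ == "__main__":
    dets, declared = parse_log(SAMPLE_LOG)
    by_class, non_pup, unhandled = triage(dets)
    print("Detections by class:", dict(by_class))
    for d in non_pup:
        print("Not a PUP:", d.name, "->", d.target)
    for d in unhandled:
        print("Not quarantined:", d.name, "->", d.target)
    for section, (stated, seen) in count_mismatches(dets, declared).items():
        print("%s: log states %d items, %d parsed" % (section, stated, seen))
```
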

Ok,

 

frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by lux (administrator) on LUX-PC on 05-02-2015 16:33:08
Running from C:\Users\lux\Downloads
Loaded Profiles: lux (Available profiles: lux)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\lux\Downloads\FRST64 (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11786344 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-21] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2014-04-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\Run: [eccdbafabdfdecsacfsfdsf] => "C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe"
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\Run: [Google Update] => C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-17] (Google Inc.)
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll [109240 2010-07-01] (Kaspersky Lab ZAO)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1241543417-744128970-1710732207-1000 -> DefaultScope {A43324E5-400D-4178-BF92-9E2F7C1B714D} URL = http://uk.search.yahoo.com/search?fr=mcafee&type=A011GB0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1241543417-744128970-1710732207-1000 -> {A43324E5-400D-4178-BF92-9E2F7C1B714D} URL = http://uk.search.yahoo.com/search?fr=mcafee&type=A011GB0&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SSmartCoomPaare -> {4fdb85e0-1f8e-4186-b6bb-958131fdbad9} -> C:\Program Files (x86)\SSmartCoomPaare\kQL2qgJlwwBKgg.x64.dll No File
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: SaoverAddon -> {782eae67-7b95-4a25-913b-c8e9c881eb33} -> C:\Program Files (x86)\SaoverAddon\j7Y88BQOJjsI0Q.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SSmartCoomPaare -> {4fdb85e0-1f8e-4186-b6bb-958131fdbad9} -> C:\Program Files (x86)\SSmartCoomPaare\kQL2qgJlwwBKgg.dll No File
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: SaoverAddon -> {782eae67-7b95-4a25-913b-c8e9c881eb33} -> C:\Program Files (x86)\SaoverAddon\j7Y88BQOJjsI0Q.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1241543417-744128970-1710732207-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1241543417-744128970-1710732207-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt
FF Extension: Kaspersky Anti-Spam Extension - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2014-04-22]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-17]
CHR Extension: (Google Drive) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-17]
CHR Extension: (Google Search) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-17]
CHR Extension: (Skype Click to Call) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-17]
CHR Extension: (Cloud Attach for Gmail by ZeroPC) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\milgdagkgnjgifepimndleebjabnnadl [2015-01-29]
CHR Extension: (shoPndropp) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnpbpmmbokhfdiphmljbmdpdmkbjchfl [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.XRZRJB6XVUMYISMQHUF7SXFSHQ - C:\Users\lux\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6f16816a; c:\Program Files (x86)\SeekerInit\SeekerInit.dll [1545216 2015-01-29] () [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [352976 2014-04-22] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2014-04-22] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 16:33 - 2015-02-05 16:33 - 00021113 _____ () C:\Users\lux\Downloads\FRST.txt
2015-02-05 16:33 - 2015-02-05 16:33 - 00000000 ____D () C:\FRST
2015-02-05 16:31 - 2015-02-05 16:31 - 02131968 _____ (Farbar) C:\Users\lux\Downloads\FRST64 (4).exe
2015-02-05 16:31 - 2015-02-05 16:31 - 02131968 _____ (Farbar) C:\Users\lux\Downloads\FRST64 (3).exe
2015-02-05 16:30 - 2015-02-05 16:30 - 02131968 _____ (Farbar) C:\Users\lux\Downloads\FRST64 (2).exe
2015-02-05 16:29 - 2015-02-05 16:30 - 02131968 _____ (Farbar) C:\Users\lux\Downloads\FRST64 (1).exe
2015-02-05 16:27 - 2015-02-05 16:27 - 02131968 _____ (Farbar) C:\Users\lux\Downloads\FRST64.exe
2015-02-05 16:23 - 2015-02-05 16:23 - 00005034 _____ () C:\malwarebytes first scan.txt
2015-02-05 16:16 - 2015-02-05 16:16 - 00001073 _____ () C:\malwarebytes second scan.txt
2015-02-05 15:44 - 2015-02-05 15:44 - 00000256 _____ () C:\DelFix.txt
2015-02-05 15:44 - 2015-02-05 15:44 - 00000000 ____D () C:\Windows\ERUNT
2015-02-05 15:43 - 2015-02-05 15:43 - 00709564 _____ () C:\Users\lux\Downloads\delfix_10.8.exe
2015-02-05 13:59 - 2015-02-05 15:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:59 - 2015-02-05 13:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 13:59 - 2015-02-05 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 13:59 - 2015-02-05 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 13:59 - 2015-02-05 13:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 13:59 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-05 13:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-05 13:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-05 13:57 - 2015-02-05 13:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\lux\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 10:56 - 2015-02-05 10:58 - 00000000 ____D () C:\AdwCleaner
2015-02-05 10:55 - 2015-02-05 10:55 - 02194432 _____ () C:\Users\lux\Downloads\adwcleaner_4.109.exe
2015-02-05 10:36 - 2015-02-05 10:37 - 02186752 _____ () C:\Users\lux\Downloads\adwcleaner-4-108-multi-win.exe
2015-02-04 23:17 - 2015-02-04 23:17 - 02451553 _____ () C:\Users\lux\Downloads\2EBF.tmp
2015-02-04 19:10 - 2015-02-04 19:10 - 00000020 _____ () C:\Users\lux\AppData\Roaming\appdataFr3.bin
2015-01-31 00:25 - 2015-01-31 00:25 - 00494744 _____ () C:\Users\lux\Downloads\bossa ending.wav
2015-01-30 14:53 - 2015-01-30 14:53 - 00054573 _____ () C:\Users\lux\Downloads\samba.mid
2015-01-30 14:52 - 2015-01-30 14:52 - 00037027 _____ () C:\Users\lux\Downloads\hideaway.mid
2015-01-30 14:51 - 2015-01-30 14:51 - 00018079 _____ () C:\Users\lux\Downloads\castles.mid
2015-01-30 14:49 - 2015-01-30 14:49 - 00013290 _____ () C:\Users\lux\Downloads\test.mid
2015-01-30 14:48 - 2015-01-30 14:48 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (13).mid
2015-01-30 14:46 - 2015-01-30 14:46 - 00006523 _____ () C:\Users\lux\Downloads\lessonpage.mid
2015-01-30 14:44 - 2015-01-30 14:44 - 00008073 _____ () C:\Users\lux\Downloads\seqbyinput (1).mid
2015-01-30 14:43 - 2015-01-30 14:43 - 00008073 _____ () C:\Users\lux\Downloads\seqbyinput.mid
2015-01-30 14:35 - 2015-01-30 14:35 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (12).mid
2015-01-30 14:34 - 2015-01-30 14:34 - 00013709 _____ () C:\Users\lux\Downloads\groovebyinput (11).mid
2015-01-30 14:32 - 2015-01-30 14:32 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (9).mid
2015-01-30 14:32 - 2015-01-30 14:32 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (10).mid
2015-01-30 14:30 - 2015-01-30 14:30 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (8).mid
2015-01-30 14:18 - 2015-01-30 14:18 - 00001849 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-30 14:18 - 2015-01-30 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-30 14:18 - 2015-01-30 14:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-30 14:18 - 2015-01-30 14:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-30 14:15 - 2015-01-30 14:16 - 42096984 _____ (Apple Inc.) C:\Users\lux\Downloads\QuickTimeInstaller (3).exe
2015-01-30 14:13 - 2015-01-30 14:13 - 00045941 _____ () C:\Users\lux\Downloads\groovebyinput (7).mid
2015-01-30 14:11 - 2015-01-30 14:11 - 00040144 _____ () C:\Users\lux\Downloads\groovebyinput (6).mid
2015-01-30 14:09 - 2015-01-30 14:09 - 00039141 _____ () C:\Users\lux\Downloads\groovebyinput (5).mid
2015-01-30 14:07 - 2015-01-30 14:07 - 00040552 _____ () C:\Users\lux\Downloads\groovebyinput (4).mid
2015-01-30 13:56 - 2015-01-30 13:56 - 00039413 _____ () C:\Users\lux\Downloads\groovebyinput (2).mid
2015-01-30 13:56 - 2015-01-30 13:56 - 00039294 _____ () C:\Users\lux\Downloads\groovebyinput (3).mid
2015-01-29 19:37 - 2015-01-29 19:37 - 00000280 _____ () C:\Users\lux\Downloads\Generic_3-2_guajeo (1).mid
2015-01-29 19:36 - 2015-01-30 13:56 - 00000000 ____D () C:\Users\lux\AppData\Roaming\vlc
2015-01-29 19:36 - 2015-01-29 19:36 - 00000280 _____ () C:\Users\lux\Downloads\Generic_3-2_guajeo.mid
2015-01-29 02:20 - 2015-01-29 02:21 - 00000000 ____D () C:\ProgramData\18016339474121360757
2015-01-29 02:00 - 2015-01-29 02:00 - 00000000 ____D () C:\Program Files (x86)\SeekerInit
2015-01-20 18:25 - 2015-01-20 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-19 14:58 - 2015-01-19 14:58 - 00000168 _____ () C:\Users\lux\Downloads\chordpitches (10).mid
2015-01-12 23:51 - 2015-01-12 23:51 - 00024560 _____ () C:\Users\lux\Downloads\Feb 15.xlsx
2015-01-12 11:55 - 2015-01-12 11:55 - 00012739 _____ () C:\Users\lux\Downloads\andy (1) (69).ods
2015-01-12 11:54 - 2015-01-12 11:54 - 00013044 _____ () C:\Users\lux\Downloads\andy (1) (68).ods
2015-01-12 11:53 - 2015-01-12 11:53 - 00012746 _____ () C:\Users\lux\Downloads\andy (1) (67).ods
2015-01-12 11:51 - 2015-01-12 11:51 - 00012750 _____ () C:\Users\lux\Downloads\andy (1) (66).ods
2015-01-12 11:36 - 2015-01-12 11:36 - 00012986 _____ () C:\Users\lux\Downloads\andy (1) (65).ods
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 16:22 - 2012-01-24 20:00 - 00000000 ____D () C:\Users\lux\AppData\Roaming\Skype
2015-02-05 16:17 - 2012-04-04 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:58 - 2014-04-17 20:22 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000UA.job
2015-02-05 15:48 - 2009-07-14 04:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 15:48 - 2009-07-14 04:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:57 - 2014-04-22 15:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-05 14:46 - 2009-07-14 05:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 14:45 - 2011-08-24 01:54 - 01894525 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 14:42 - 2012-01-25 10:56 - 00000000 ____D () C:\ProgramData\clear.fi
2015-02-05 14:41 - 2011-07-22 04:40 - 00000000 ____D () C:\Windows\th
2015-02-05 14:41 - 2010-11-21 03:47 - 00264078 _____ () C:\Windows\PFRO.log
2015-02-05 14:41 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 14:41 - 2009-07-14 04:51 - 00189903 _____ () C:\Windows\setupact.log
2015-02-05 01:10 - 2012-10-07 20:30 - 00000630 ____H () C:\Windows\Tasks\Norton Product InstallerIdle.job
2015-02-04 18:58 - 2014-04-17 20:22 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000Core.job
2015-01-30 17:03 - 2013-10-25 01:14 - 00012895 _____ () C:\Users\lux\Documents\andy (1).ods
2015-01-30 15:17 - 2012-04-04 18:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-30 15:17 - 2012-04-04 18:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-30 15:17 - 2011-07-22 04:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 14:06 - 2015-01-04 20:57 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-30 11:13 - 2014-10-22 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-30 11:13 - 2013-10-23 12:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-30 11:12 - 2014-10-22 17:32 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-30 11:12 - 2014-10-22 17:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-30 11:12 - 2014-10-22 17:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-30 11:12 - 2014-10-22 17:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-29 02:10 - 2012-02-04 13:25 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-20 18:25 - 2013-05-09 20:51 - 00001130 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk
2015-01-20 18:25 - 2013-05-09 20:51 - 00001118 _____ () C:\Users\Public\Desktop\NCH Tone Generator.lnk
2015-01-16 23:00 - 2014-04-17 20:24 - 00002320 _____ () C:\Users\lux\Desktop\Google Chrome.lnk
2015-01-13 10:50 - 2013-02-15 15:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-13 10:50 - 2011-07-22 04:24 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 13:56 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-04 19:10 - 2015-02-04 19:10 - 0000020 _____ () C:\Users\lux\AppData\Roaming\appdataFr3.bin
2012-05-15 21:24 - 2012-05-15 21:24 - 0004096 ____H () C:\Users\lux\AppData\Local\keyfile3.drm
2014-04-22 15:04 - 2014-04-22 15:04 - 0017408 _____ () C:\Users\lux\AppData\Local\WebpageIcons.db
2011-08-24 02:13 - 2011-08-24 02:15 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-10-26 21:18 - 2012-10-26 21:18 - 0000032 _____ () C:\ProgramData\Temp.log
 
Some content of TEMP:
====================
C:\Users\lux\AppData\Local\Temp\aacdec.exe
C:\Users\lux\AppData\Local\Temp\APNStub.exe
C:\Users\lux\AppData\Local\Temp\CloudBackup7867.exe
C:\Users\lux\AppData\Local\Temp\ffmpeg15.exe
C:\Users\lux\AppData\Local\Temp\ffsetup.exe
C:\Users\lux\AppData\Local\Temp\flacenc2.exe
C:\Users\lux\AppData\Local\Temp\GUR9B83.exe
C:\Users\lux\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\lux\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\lux\AppData\Local\Temp\mp3el.exe
C:\Users\lux\AppData\Local\Temp\mpsetup.exe
C:\Users\lux\AppData\Local\Temp\mssinstaller.exe
C:\Users\lux\AppData\Local\Temp\OfficeSetup.exe
C:\Users\lux\AppData\Local\Temp\optprosetup.exe
C:\Users\lux\AppData\Local\Temp\readSTILog.dll
C:\Users\lux\AppData\Local\Temp\SkypeSetup.exe
C:\Users\lux\AppData\Local\Temp\sqlite3.dll
C:\Users\lux\AppData\Local\Temp\tnsetup.exe
C:\Users\lux\AppData\Local\Temp\uninst.exe
C:\Users\lux\AppData\Local\Temp\vcredist_x64.exe
C:\Users\lux\AppData\Local\Temp\zipsetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 00:09
 
==================== End Of Log ============================

ok,

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by lux at 2015-02-05 16:34:00
Running from C:\Users\lux\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.1720.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7709 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Cloud Attach for Gmail by ZeroPC (HKLM-x32\...\{A2616871-3463-BCEE-5AFA-73773317A381}) (Version:  - "")
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.1.400 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.1.400 - Kaspersky Lab) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.9 - Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MixPad (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.12 - NCH Software)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
raealdEal (HKLM-x32\...\{730C1F02-ABB6-7601-60ED-659A59700742}) (Version:  - "") <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6339 - Realtek Semiconductor Corp.)
SaoverAddon (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version:  - SaverAddon) <==== ATTENTION
saver  bbox (HKLM-x32\...\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}) (Version:  - "") <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
shoPndropp (HKLM-x32\...\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}) (Version:  - "") <==== ATTENTION
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SSmartCoomPaare (HKLM-x32\...\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}) (Version:  - SmartCompare) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lux\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lux\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lux\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lux\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lux\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
02-01-2015 10:05:20 Scheduled Checkpoint
07-01-2015 07:20:29 Windows Update
15-01-2015 10:51:52 Scheduled Checkpoint
30-01-2015 11:45:16 Scheduled Checkpoint
30-01-2015 14:17:07 Installed QuickTime 7
05-02-2015 15:41:01 fn ad pop ups
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0172E992-E646-49FF-8B3A-469A29270AA3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {02FD506B-4356-4C6B-98AF-14D79D93F21F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {0CB55090-5013-41C2-9948-1B7AC5925006} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {284CCF97-DAEE-4327-9E0E-021F56534F6F} - System32\Tasks\NCH Software\tonegenShakeIcon => C:\Program Files (x86)\NCH Software\ToneGen\ToneGen.exe [2015-01-20] (NCH Software)
Task: {566B7021-2B56-4BB3-8CCA-2743AB5E1AFE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {84091CF1-65EE-4C36-925C-E0ACB545E8D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000Core => C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {873C46BF-6B62-40E1-9E57-4B00168DEC17} - System32\Tasks\Norton Product InstallerIdle => C:\Windows\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe
Task: {9C693F4C-CD86-4623-87D8-3E44438D0B8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B9B93652-E954-45CD-8AD2-19FABF015103} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {C5668071-1E25-493E-809A-BA8B429F3FC7} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {C860FE93-FABE-4CA5-8812-6BA1D0426F1C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CE9483B4-2A43-4B04-B555-D2693C62EED1} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {D48D8684-69FA-45A2-8E9E-FD8897DC377E} - System32\Tasks\{95C31A64-6847-49DE-AE91-FD7842B11F62} => pcalua.exe -a "C:\Users\lux\Downloads\Shockwave_Installer_Slim (4).exe" -d C:\Users\lux\Downloads
Task: {D756D492-8AB7-45C5-AE62-A236A36847AC} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {DB6BD575-CD58-479B-A6ED-35FBC0BC1F66} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30] (Adobe Systems Incorporated)
Task: {E49EA608-E53D-46E7-AF3F-2F594AEDACD9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F19C99ED-F571-40EB-A230-1DF72E5F9AA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000UA => C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-17] (Google Inc.)
Task: {FFB2E860-6566-468C-B059-F51A2F64AE8D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000Core.job => C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1241543417-744128970-1710732207-1000UA.job => C:\Users\lux\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\SysWOW64\Adobe\Shockwave 11\SymInstallStub.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-15 08:23 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-10 17:53 - 2014-11-10 17:53 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2009-01-21 23:45 - 2009-01-21 23:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-03-19 10:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-07-22 04:54 - 2011-06-10 17:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-29 02:00 - 2015-01-29 02:00 - 01545216 _____ () c:\Program Files (x86)\SeekerInit\SeekerInit.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-05-20 10:13 - 2011-05-20 10:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-02-13 09:28 - 2014-02-13 09:28 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-07-22 04:10 - 2011-04-30 07:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-01-16 22:59 - 2015-01-09 00:35 - 01077064 _____ () C:\Users\lux\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 22:59 - 2015-01-09 00:35 - 00211272 _____ () C:\Users\lux\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 23:00 - 2015-01-09 00:35 - 09009480 _____ () C:\Users\lux\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 22:59 - 2015-01-09 00:35 - 01677128 _____ () C:\Users\lux\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 23:00 - 2015-01-09 00:35 - 14913352 _____ () C:\Users\lux\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\lux\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1241543417-744128970-1710732207-500 - Administrator - Disabled)
Guest (S-1-5-21-1241543417-744128970-1710732207-501 - Limited - Disabled)
lux (S-1-5-21-1241543417-744128970-1710732207-1000 - Administrator - Enabled) => C:\Users\lux
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2015 02:42:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 11:02:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (02/05/2015 10:52:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 10:33:40 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (02/05/2015 10:23:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 11:25:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/04/2015 10:40:31 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
Error: (02/04/2015 10:40:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (02/04/2015 10:30:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2015 05:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/05/2015 02:41:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:40:32 on ‎05/‎02/‎2015 was unexpected.
 
Error: (02/05/2015 02:40:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/05/2015 02:40:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/05/2015 10:51:41 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:50:18 on ‎05/‎02/‎2015 was unexpected.
 
Error: (02/05/2015 10:23:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:12:12 on ‎05/‎02/‎2015 was unexpected.
 
Error: (02/04/2015 11:25:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:22:31 on ‎04/‎02/‎2015 was unexpected.
 
Error: (02/04/2015 10:29:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:31:12 on ‎04/‎02/‎2015 was unexpected.
 
Error: (02/03/2015 05:49:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:30:40 on ‎03/‎02/‎2015 was unexpected.
 
Error: (02/03/2015 10:44:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 02:29:14 on ‎03/‎02/‎2015 was unexpected.
 
Error: (02/02/2015 01:09:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:07:57 on ‎02/‎02/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8043.86 MB
Available physical RAM: 4838.32 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 12468.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:344.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 158F369D)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

ok.

 

roguekiller log

 

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : lux [Administrator]
Mode : Scan -- Date : 02/05/2015  16:58:02
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1241543417-744128970-1710732207-1000\Software\Microsoft\Windows\CurrentVersion\Run | eccdbafabdfdecsacfsfdsf : "C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe"  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1241543417-744128970-1710732207-1000\Software\Microsoft\Windows\CurrentVersion\Run | eccdbafabdfdecsacfsfdsf : "C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe"  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72AB48BD-210C-4507-AF14-F36DAC0380E2} | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{72AB48BD-210C-4507-AF14-F36DAC0380E2} | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{72AB48BD-210C-4507-AF14-F36DAC0380E2} | DhcpNameServer : 192.168.88.1 172.16.0.1 8.8.8.8 8.8.4.4 [(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 3e54cc0f7fbc730325916f5f9a5fdbd2
[bSP] f1700170a716e8bbe9fb584833250e1a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

CHR dev: Chrome dev build detected! <======= ATTENTION

At some point you have to re-install Chrome.
The malware has modified your Google Chrome to the development version which makes you vulnerable to future infection.

=====================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

====================================

Let's check for any adware/spyware now:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please Update and run a Threat Scan (Malwarebytes)
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC


I think this is the right thing

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by lux at 2015-02-05 19:01:42 Run:1
Running from C:\Users\lux\Downloads
Loaded Profiles: lux (Available profiles: lux)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\...\Run: [eccdbafabdfdecsacfsfdsf] => "C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: SSmartCoomPaare -> {4fdb85e0-1f8e-4186-b6bb-958131fdbad9} -> C:\Program Files (x86)\SSmartCoomPaare\kQL2qgJlwwBKgg.x64.dll No File
BHO: SaoverAddon -> {782eae67-7b95-4a25-913b-c8e9c881eb33} -> C:\Program Files (x86)\SaoverAddon\j7Y88BQOJjsI0Q.x64.dll No File
BHO-x32: SaoverAddon -> {782eae67-7b95-4a25-913b-c8e9c881eb33} -> C:\Program Files (x86)\SaoverAddon\j7Y88BQOJjsI0Q.dll No File
CHR Extension: (shoPndropp) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnpbpmmbokhfdiphmljbmdpdmkbjchfl [2015-01-29]
CHR Extension: (Google Wallet) - C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
R2 6f16816a; c:\Program Files (x86)\SeekerInit\SeekerInit.dll [1545216 2015-01-29] () [File not signed]
C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe
c:\Program Files (x86)\SeekerInit
Task: {B9B93652-E954-45CD-8AD2-19FABF015103} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\lux\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
*****************
 
HKU\S-1-5-21-1241543417-744128970-1710732207-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eccdbafabdfdecsacfsfdsf => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fdb85e0-1f8e-4186-b6bb-958131fdbad9}" => Key deleted successfully.
"HKCR\CLSID\{4fdb85e0-1f8e-4186-b6bb-958131fdbad9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{782eae67-7b95-4a25-913b-c8e9c881eb33}" => Key deleted successfully.
"HKCR\CLSID\{782eae67-7b95-4a25-913b-c8e9c881eb33}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{782eae67-7b95-4a25-913b-c8e9c881eb33}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{782eae67-7b95-4a25-913b-c8e9c881eb33}" => Key deleted successfully.
C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnpbpmmbokhfdiphmljbmdpdmkbjchfl => Moved successfully.
C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
6f16816a => Service deleted successfully.
"C:\ProgramData\eccdbafabdfdecsacfsfdsf.exe" => File/Directory not found.
c:\Program Files (x86)\SeekerInit => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9B93652-E954-45CD-8AD2-19FABF015103}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9B93652-E954-45CD-8AD2-19FABF015103}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1241543417-744128970-1710732207-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
 
==== End of Fixlog 19:01:43 ====

Good morning MrC,

 

The malware/adware/virus did NOT like the adwcleaner links you gave me. It was hammering the page! I gave up last night and tried again now and have downloaded adwcleaner and ran scan.

 

I had managed to do this before my very first post but did not save the log.

 

There is only one program in files/folders I can see which I'd want to keep (NCH software). It's free download sound editing software, so I could install it again if you think it would be best just to delete it here?

 

Also, my initial concern when I ran adwcleaner scan was all the 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall..........etc

 

registry results, are these all alright to go?

 

I can post the whole log to be sure?

 

I will wait for your reply before pressing clean and downloading junkware removal tool.

 

Thank you


Ok,

 

adwcleaner log

 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 11:20:37
# Updated 05/02/2015 by Xplode
# Database : 2015-02-04.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : lux - LUX-PC
# Running from : C:\Users\lux\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\18016339474121360757
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\lux\AppData\Roaming\NCH Software
Folder Found : C:\Users\lux\Documents\Optimizer Pro
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\eccdbafabdfdecsacfsfdsf
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6F1868CA-A814-4585-BB38-D28DB0346AE3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6F1868CA-A814-4585-BB38-D28DB0346AE3}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4fdb85e0-1f8e-4186-b6bb-958131fdbad9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Classes\P4fdb85e0_1f8e_4186_b6bb_958131fdbad9_.P4fdb85e0_1f8e_4186_b6bb_958131fdbad9_
Key Found : HKLM\SOFTWARE\Classes\P4fdb85e0_1f8e_4186_b6bb_958131fdbad9_.P4fdb85e0_1f8e_4186_b6bb_958131fdbad9_.9
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fdb85e0-1f8e-4186-b6bb-958131fdbad9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4fdb85e0-1f8e-4186-b6bb-958131fdbad9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730C1F02-ABB6-7601-60ED-659A59700742}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v
 
[C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\lux\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
 
AdwCleaner[R0].txt - [10285 bytes] - [05/02/2015 10:56:49]
AdwCleaner[R1].txt - [7249 bytes] - [06/02/2015 11:20:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7308 bytes] ##########
 
 
thank you

Thanks for the link.

 

In truth I have seen or noticed none of the problems the page mentions. The free download is pretty basic but has the functions I need, so I will keep it.

 

Sorry to be so unsure, but in folders there are 3 entries with nch in them

 

C:\Program Files (x86)\NCH Software

C:\ProgramData\NCH Software

C:\Users\lux\AppData\Roaming\NCH Software

 

should I uncheck all of them?

 

Thanks


This topic is now closed to further replies.