
Printer Missing, cannot re-install, please help!


  • This topic is locked
22 replies to this topic

#1 feifan


Posted 13 December 2013 - 10:25 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.13.08
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
User :: USER-PC [administrator]
 
Protection: Disabled
 
14/12/2013 11:56:15 AM
mbam-log-2013-12-14 (11-56-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269131
Time elapsed: 13 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

OTL logfile created on: 14/12/2013 12:11:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
 
1.97 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.83% Memory free
3.94 Gb Paging File | 2.62 Gb Available in Paging File | 66.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.39 Gb Total Space | 36.09 Gb Free Space | 24.65% Space Free | Partition Type: NTFS
Drive D: | 319.28 Gb Total Space | 233.58 Gb Free Space | 73.16% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/14 01:26:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/12/11 15:45:03 | 005,341,024 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/11 15:45:02 | 013,542,240 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/11 15:32:47 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/04 10:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/12/02 08:30:24 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/02 08:30:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/07 23:45:08 | 004,019,560 | ---- | M] (Reimage®) -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
PRC - [2013/11/02 12:05:33 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/29 22:15:26 | 002,063,408 | ---- | M] (www.dennisbabkin.com) -- C:\Temp\wz4895\wosb.exe
PRC - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/29 13:57:47 | 001,044,560 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\utorrent.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/12/21 14:05:41 | 000,845,880 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2011/12/21 14:05:40 | 001,377,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/11 15:59:58 | 000,217,185 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/04 10:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 10:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 10:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 10:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 10:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/12/02 08:30:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/12/21 14:05:41 | 000,845,880 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/12 18:36:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 15:45:03 | 005,341,024 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/12/02 08:30:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/07 23:45:08 | 004,019,560 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV - [2013/11/05 22:30:56 | 000,574,536 | ---- | M] (Copyright 2013 SAMSUNG) [Disabled | Stopped] -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe -- (Samsung Link Service)
SRV - [2013/11/02 12:05:33 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/11/02 12:05:11 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/11 15:30:30 | 000,401,800 | ---- | M] (Samsung) [Disabled | Stopped] -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV - [2013/09/17 11:15:35 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/07 01:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Disabled | Stopped] -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/06/11 15:59:58 | 000,217,185 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013/12/14 11:56:06 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/12/02 08:30:34 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/02 08:30:34 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/02 08:30:34 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/02 08:30:34 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/12/02 08:30:34 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/02 08:30:34 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/02 08:30:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/02 08:30:34 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/02 12:05:13 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/23 23:01:19 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/26 10:54:23 | 000,025,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\DVDHelp.sys -- (DVDHelp)
DRV - [2012/05/11 07:34:08 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/05/11 07:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/03/20 12:21:14 | 000,070,736 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/02/12 05:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/04/02 09:11:16 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/01/25 18:11:51] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/01/08 11:20:22 | 000,375,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187.sys -- (RTL8187)
DRV - [2009/12/22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/12/07 17:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/08/24 06:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/08/14 09:08:50 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009/07/21 12:31:46 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 08:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/08 09:18:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009/06/11 15:59:58 | 000,407,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.a-s...&cc=MY&unqvl=18
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autoco...si=10180&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.autoco...si=10180&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.autoco...si=10180&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autoco...si=10180&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-my
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 D3 D7 DA 22 40 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autoco...si=10180&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autoco...si=10180&bi=400
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{08061986-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://search.jzip.c...q={SearchTerms}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...2B000E04C81A309
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADSA_enMY480
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autoco...q={searchTerms}
IE - HKCU\..\SearchScopes\{E541056B-618C-4F11-9545-0175463BB36A}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.a-s...nqvl=18&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1
FF - prefs.js..extensions.enabledAddons: WebSiteRecommendation%40weliketheweb.com:1.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\3227192\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013/03/18 17:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/29 14:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/12 16:57:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/29 14:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/17 11:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/11 07:53:10 | 000,000,000 | ---D | M]
 
[2011/01/25 18:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013/10/31 11:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions
[2013/05/31 09:11:55 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/07/15 16:13:17 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2013/05/31 16:45:50 | 000,000,000 | ---D | M] (cconntinuuetoossavee) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\cpkhw@hgaxu-.com
[2013/08/07 12:58:55 | 000,000,000 | ---D | M] (ssavenshAre) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\euoiua@lhcwui-.edu
[2011/11/01 13:04:02 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\ffxtlbr@Facemoods.com
[2013/06/11 08:28:38 | 000,000,000 | ---D | M] (conotinuetossave) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\wbnliw@datt.edu
[2013/05/31 16:45:50 | 000,000,000 | ---D | M] (EbooKKBorOwse) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\wdphby@fbpaoq.org
[2013/09/01 08:59:36 | 000,000,000 | ---D | M] ("WebSite Recommendation") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\WebSiteRecommendation@weliketheweb.com
[2013/06/11 08:28:39 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\xcxy8arrz@ps-vt.com
[2013/08/07 12:58:55 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\6mgzooct.default\extensions\xv8_rtz@t-iaai.org
[2013/08/20 13:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles6mgzooct.default\extensions
[2013/08/20 13:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles6mgzooct.default\extensions\staged
[2013/08/18 01:07:34 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\extensions\firefox@webconnect.co.xpi
[2013/05/02 12:06:46 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/31 09:10:09 | 000,006,502 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\searchplugins\babylon.xml
[2013/05/31 09:10:21 | 000,001,294 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\searchplugins\delta.xml
[2013/08/01 09:25:33 | 000,007,844 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\searchplugins\WebSearch.xml
[2013/09/17 11:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/17 11:15:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/09/17 11:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/09/17 11:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 11:15:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/29 14:16:31 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/03/17 15:28:22 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2011/11/01 13:04:03 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2009/12/16 12:29:40 | 000,000,839 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jZipWebSearch.xml
[2012/03/06 05:12:28 | 000,002,276 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\photopostb.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: BaiduSetUp Plugin (Enabled) = C:\Windows\Downloaded Program Files\3227192\npxbdsetup.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DictaNote - Speech Recognizer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\7_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: General Crawler = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_1\
CHR - Extension: Google Calendar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_1\
CHR - Extension: Media Finder plugin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\utorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WOSB2] C:\Temp\wz4895\wosb.exe (www.dennisbabkin.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88103550-4074-4E0F-9FE9-C519C353B0EA}: DhcpNameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1929B13-D401-4841-8EED-B5F66A0D8EAF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA2BAE4D-9835-4243-930E-2990DF191262}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F08CD674-86C5-428A-906B-6D75E6BAAD9F}: DhcpNameServer = 192.168.42.129
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/14 11:56:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/13 16:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
[2013/12/13 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/12/13 08:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrinterShare
[2013/12/13 08:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PrinterShare
[2013/12/13 08:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\PrinterShare
[2013/12/13 08:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP2700 series
[2013/12/12 21:11:15 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL
[2013/12/12 21:11:15 | 000,035,840 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL
[2013/12/12 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Wise Registry Cleaner
[2013/12/12 20:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2013/12/12 20:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2013/12/12 19:55:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ParetoLogic
[2013/12/12 19:55:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DriverCure
[2013/12/12 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/12/12 19:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/12/12 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013/12/12 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013/12/12 19:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/12/12 19:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2013/12/12 19:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/12/12 19:31:02 | 000,000,000 | ---D | C] -- C:\rei
[2013/12/12 14:01:34 | 000,277,504 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMA4.DLL
[2013/12/12 11:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Manual
[2013/12/12 11:44:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2013/12/12 11:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/12/12 11:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2013/12/10 23:44:51 | 000,314,880 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMBA.DLL
[2013/12/10 14:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/10 13:53:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013/12/10 13:42:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2013/12/10 13:34:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2013/12/09 09:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/12/09 09:04:26 | 000,000,000 | ---D | C] -- C:\EPSON
[2013/12/07 08:08:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Vuze Downloads
[2013/12/05 09:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/12/05 09:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/12/02 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVAST Software
[2013/12/02 08:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/23 11:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickSet
[2013/11/20 10:02:43 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/20 10:02:43 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/20 10:02:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/20 10:02:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/20 10:02:43 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/20 10:02:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/20 10:02:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/20 10:02:43 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/20 10:02:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/20 10:02:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/20 10:02:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/20 10:02:43 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/20 10:02:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/20 10:02:43 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/20 10:02:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/20 10:02:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/20 10:02:43 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/20 10:02:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/20 10:02:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/20 10:02:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/20 10:02:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/20 10:02:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/20 10:02:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/20 10:02:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/20 10:02:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/20 10:02:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/20 10:02:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/20 10:02:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/20 10:02:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/20 10:02:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/20 10:02:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/20 10:02:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/20 10:02:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/20 10:02:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/20 10:02:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/20 10:02:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/20 10:01:01 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/20 10:01:01 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/11/20 10:01:01 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/11/20 10:01:01 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/11/20 10:01:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/11/20 10:01:01 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/11/20 10:01:01 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/11/20 10:01:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/20 10:01:01 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/11/20 10:01:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/11/20 10:01:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/11/20 10:01:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/11/20 10:01:01 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/11/20 10:01:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/11/20 10:01:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/11/20 10:01:01 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/11/20 10:01:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/11/20 10:01:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/11/20 10:01:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/11/20 10:01:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/11/20 10:01:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/11/20 10:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/11/20 10:01:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/11/20 10:01:01 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/11/20 09:58:25 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/11/20 09:49:18 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/11/20 09:49:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/11/20 09:49:06 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/11/20 09:49:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/11/20 09:49:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/11/20 09:49:00 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/11/20 09:49:00 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/11/20 09:48:45 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/20 09:48:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/20 09:48:28 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/11/20 09:48:04 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/20 09:48:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/20 09:41:14 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/11/20 09:41:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/11/20 09:40:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/11/20 09:40:31 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/11/20 09:40:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/20 09:40:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/20 09:40:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/11/20 09:40:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/20 09:40:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/11/20 09:40:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/11/20 09:40:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/20 09:40:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/11/20 09:40:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/20 09:40:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/11/20 09:40:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/20 09:40:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/20 09:40:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/11/20 09:40:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/11/20 09:40:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/20 09:40:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/11/20 09:40:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/11/20 09:40:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/20 09:40:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/20 09:40:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/20 09:40:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/11/20 09:40:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/20 09:40:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/11/20 09:40:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/20 09:40:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/20 09:40:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/11/20 09:40:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/11/20 09:40:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/11/15 13:04:37 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Anicesoft
[2013/11/15 13:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Anicesoft
[2013/11/15 13:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AniceSoft
[2013/11/07 16:43:17 | 086,424,648 | ---- | C] (Copyright 2013 SAMSUNG) -- C:\Program Files\SamsungLink_Installer32.exe
[2013/08/16 11:02:46 | 112,956,000 | ---- | C] (IMSIDesign                             &

#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 14 December 2013 - 10:40 AM

Hello feifan.
 
Please give me more info about the missing printer. What is the make and model? How is it attached (directly by USB, or via LAN)? When did it go missing?
 
Please do these important security updates:
Get Internet Explorer 11
Update Firefox: Run Firefox and do Alt-Help > About Firefox and get the update.
Improve the security of your computer by checking for old versions of Java and removing them using the Java Uninstall Tool.
 
You have a great many programs installed.  Some are adware or other nuisances that probably got bundled by other software.

Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Please download Junkware Removal Tool to your Desktop.
  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into a separate reply.
Download and save to your Desktop  RogueKillerX64.exe
  • Quit all programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • Start RogueKiller.exe
  • Wait until Prescan has finished
  • Click on Scan.
  • Wait until the Status box shows "Scan Finished"
  • Click on Delete
  • Wait until the Status box shows "Deleting Finished"
  • Click on Report and copy/paste the content of the Notepad
  • The log should be found in RKreport[1].txt on your Desktop
  • Close RogueKiller and post RKreport in its own reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 feifan

Posted 14 December 2013 - 11:03 AM

Thank you very much for your quick response.

I currently bought a Canon iP7270 printer connected by LAN (wireless thru router). I have successfully installed the printer and I can find it in Devices and Printers, but I cannot print because of a message saying that the printer driver is not installed. I called Canon and a technician came and checked. He uninstalled and re-installed the printer but got the same message. When he connected the printer through his notebook, he could print through the printer. So he said it is a Windows problem.

The printer I have been using all the while is a Canon ip2770 (by USB), and the technician wrongly uninstalled that printer. When he re-installed the printer, he got the same message: the printer driver is not installed.

Tried everything but no luck. Please help.

I will follow your instructions above and post you the result soon.

Thank you very much.


#4 cnm

Posted 14 December 2013 - 01:20 PM

Please make a screenshot of "message saying that printer driver is not installed".  

How to create and attach a screen shot

 



#5 feifan

Posted 15 December 2013 - 06:46 PM

# AdwCleaner v3.015 - Report created 15/12/2013 at 02:12:30
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\cconntinuuetoossavee
Folder Deleted : C:\ProgramData\conotinuetossave
Folder Deleted : C:\ProgramData\EbooKKBorOwse
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbooKKBorOwse
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\User\AppData\Local\jZip
Folder Deleted : C:\Users\User\AppData\LocalLow\baidu
Folder Deleted : C:\Users\User\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\User\AppData\LocalLow\jZip
Folder Deleted : C:\Users\User\AppData\Roaming\baidu
Folder Deleted : C:\Users\User\AppData\Roaming\Complitly
Folder Deleted : C:\Users\User\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\User\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\User\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\User\AppData\Roaming\MetaCrawler
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\User\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\User\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\User\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\ffxtlbr@Facemoods.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\cpkhw@hgaxu-.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\euoiua@lhcwui-.edu
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\wbnliw@datt.edu
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\wdphby@fbpaoq.org
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\WebSiteRecommendation@weliketheweb.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\xcxy8arrz@ps-vt.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\xv8_rtz@t-iaai.org
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\END
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\bProtector_extensions.rdf
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\invalidprefs.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\Babylon.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\delta.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\WebSearch.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3
File Deleted : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Deleted : C:\Windows\Tasks\PC Health Advisor.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF336FC5-B8F2-4CD9-AC96-2735D062A4FC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF336FC5-B8F2-4CD9-AC96-2735D062A4FC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6445EF95-5725-43CB-B93B-AE63037B7177}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33531B20-1073-4737-B4F0-47C07F9B49B4}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6445EF95-5725-43CB-B93B-AE63037B7177}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EBE1EE6-ED2C-44B7-B12D-181A8260DA1D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EBE1EE6-ED2C-44B7-B12D-181A8260DA1D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86E1627D-8696-4657-B743-127CB8F08DBA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86E1627D-8696-4657-B743-127CB8F08DBA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_aeropeek_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_aeropeek_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=1120&r=2013/06/06&hid=517890032&lg=EN&cc=MY&unqvl=18&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.51a6c45e345bf.scode", "if(window.top==window.self){new function(){if(!document.getElementById(\"__yael_once\")){var b=this,j=[\"horizontal\",\"vertical\",\"images-horizontal\",\"[...]
Line Deleted : user_pref("extensions.51a6c4842b8d6.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQuery(\".down, .dloadf, .dloadt\").attr(\"hre[...]
Line Deleted : user_pref("extensions.51afeaf16cc22.scode", "if(window.top==window.self){new function(){if(!document.getElementById(\"__yael_once\")){var b=this,j=[\"horizontal\",\"vertical\",\"images-horizontal\",\"[...]
Line Deleted : user_pref("extensions.51afeb21315ef.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQuery(\".down, .dloadf, .dloadt\").attr(\"hre[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "b2b089cc00000000000000e04c81a309");
Line Deleted : user_pref("extensions.delta.instlDay", "15817");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:35:53");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Line Deleted : user_pref("extensions.facemoods.first_time", false);
Line Deleted : user_pref("extensions.facemoods.hmpg", true);
Line Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Line Deleted : user_pref("extensions.facemoods.id", "_#b2b089cc000000000000002618e109ea");
Line Deleted : user_pref("extensions.facemoods.instlDay", "_#15279");
Line Deleted : user_pref("extensions.facemoods.mntz", "");
Line Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Line Deleted : user_pref("extensions.facemoods.sid", "_#e824d45df4314902adc452f084eea214");
Line Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Line Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Line Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [26980 octets] - [15/12/2013 02:07:16]
AdwCleaner[S0].txt - [23933 octets] - [15/12/2013 02:12:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23994 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on 16/12/2013 Mon at  8:17:04.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3111971694-215417212-213921256-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\7+ Taskbar Tweaker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\7+ Taskbar Tweaker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{08061986-4074-43b7-BEA3-87217BDA74C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E541056B-618C-4F11-9545-0175463BB36A}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_monthly"
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_updates"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{04353488-84FA-4A4C-817D-E72DC41B7695}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1F1E5141-39B2-4611-95EE-53D029586B38}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{23107B1A-E006-43CD-97A4-3FC1A0D27EF2}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{3A787730-AD40-46A0-9712-E4D9B39AAEF2}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{51D64E3C-46BF-4281-B22C-F28326DECFB5}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5AD3E899-F4FF-4949-8FD6-856D529F8D70}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5BEF29F5-C6EF-478F-A967-F240528FE446}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{7D5C607F-AF14-4D2E-82BE-FC90487CE5C3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{86AF4182-7D05-4F18-BF75-77352B0B39E1}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{8FD50E58-29D6-4E89-B614-2D112F061A73}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{909088EA-96E2-4FF5-A548-917CB1040DFF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{99241CE4-2288-473C-8908-BCBA22B7F97A}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A7EAD745-7BE7-4A2C-BDF8-764D807309D4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A83CF754-6171-4283-B86F-6E23680CF77F}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F009EEE6-A6ED-43D7-B50F-B83175FAF788}
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\prefs.js
 
user_pref("browser.bdtoolbar.search_searchbar", false);
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/12/2013 Mon at  8:19:28.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 12/16/2013 08:31:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] wosb.exe -- C:\Temp\wz4895\wosb.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : WOSB2 ("C:\Temp\wz4895\wosb.exe" /run /systray dt="12/16/2013" tm="11:00:00 PM" file="C:\Program Files\TeamViewer\Version9\TeamViewer.exe" /repair /ptowu weekdays="Sun+Mon+Tue+Wed+Thur+Fri+Sat" /ast kv="2" vID="2" [7][x][x][7][x]) -> DELETED
[RUN][ROGUE ST] HKUS\S-1-5-21-3111971694-215417212-213921256-1000\[...]\Run : WOSB2 ("C:\Temp\wz4895\wosb.exe" /run /systray dt="12/16/2013" tm="11:00:00 PM" file="C:\Program Files\TeamViewer\Version9\TeamViewer.exe" /repair /ptowu weekdays="Sun+Mon+Tue+Wed+Thur+Fri+Sat" /ast kv="2" vID="2" [7][x][x][7][x]) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 3f3944b990672713b2de45ff40cfe75e
[BSP] a9411ab0b40cbb680e1d99b760e81d2e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 149900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 326938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_12162013_083141.txt >>
RKreport[0]_S_12162013_083033.txt
 
 
 
 


#6 feifan


Posted 15 December 2013 - 06:49 PM

# AdwCleaner v3.015 - Report created 15/12/2013 at 02:12:30
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\cconntinuuetoossavee
Folder Deleted : C:\ProgramData\conotinuetossave
Folder Deleted : C:\ProgramData\EbooKKBorOwse
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbooKKBorOwse
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\User\AppData\Local\jZip
Folder Deleted : C:\Users\User\AppData\LocalLow\baidu
Folder Deleted : C:\Users\User\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\User\AppData\LocalLow\jZip
Folder Deleted : C:\Users\User\AppData\Roaming\baidu
Folder Deleted : C:\Users\User\AppData\Roaming\Complitly
Folder Deleted : C:\Users\User\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\User\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\User\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\User\AppData\Roaming\MetaCrawler
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\User\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\User\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\User\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\ffxtlbr@Facemoods.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\cpkhw@hgaxu-.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\euoiua@lhcwui-.edu
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\wbnliw@datt.edu
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\wdphby@fbpaoq.org
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\WebSiteRecommendation@weliketheweb.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\xcxy8arrz@ps-vt.com
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\xv8_rtz@t-iaai.org
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\END
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\bProtector_extensions.rdf
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\invalidprefs.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\Babylon.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\delta.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\jZipWebSearch.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\searchplugins\WebSearch.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3
File Deleted : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Deleted : C:\Windows\Tasks\PC Health Advisor.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Key Deleted : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebConnect_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_aeropeek_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_aeropeek_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_epub-reader-for-windows_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_jdownloader_RASMANCS
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6mgzooct.default\prefs.js ]
 
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.a-searchpage.info/?pid=1120&r=2013/06/06&hid=517890032&lg=EN&cc=MY&unqvl=18&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.51a6c45e345bf.scode", "if(window.top==window.self){new function(){if(!document.getElementById(\"__yael_once\")){var b=this,j=[\"horizontal\",\"vertical\",\"images-horizontal\",\"[...]
Line Deleted : user_pref("extensions.51a6c4842b8d6.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQuery(\".down, .dloadf, .dloadt\").attr(\"hre[...]
Line Deleted : user_pref("extensions.51afeaf16cc22.scode", "if(window.top==window.self){new function(){if(!document.getElementById(\"__yael_once\")){var b=this,j=[\"horizontal\",\"vertical\",\"images-horizontal\",\"[...]
Line Deleted : user_pref("extensions.51afeb21315ef.scode", "if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var a=function(){try{jQuery(\".down, .dloadf, .dloadt\").attr(\"hre[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "b2b089cc00000000000000e04c81a309");
Line Deleted : user_pref("extensions.delta.instlDay", "15817");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:35:53");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Line Deleted : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Line Deleted : user_pref("extensions.facemoods.first_time", false);
Line Deleted : user_pref("extensions.facemoods.hmpg", true);
Line Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Line Deleted : user_pref("extensions.facemoods.id", "_#b2b089cc000000000000002618e109ea");
Line Deleted : user_pref("extensions.facemoods.instlDay", "_#15279");
Line Deleted : user_pref("extensions.facemoods.mntz", "");
Line Deleted : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Line Deleted : user_pref("extensions.facemoods.sid", "_#e824d45df4314902adc452f084eea214");
Line Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Line Deleted : user_pref("extensions.facemoods.update", "_#v1.4.0");
Line Deleted : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [26980 octets] - [15/12/2013 02:07:16]
AdwCleaner[S0].txt - [23933 octets] - [15/12/2013 02:12:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23994 octets] ##########
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on 16/12/2013 Mon at  8:17:04.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3111971694-215417212-213921256-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\7+ Taskbar Tweaker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\7+ Taskbar Tweaker_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{08061986-4074-43b7-BEA3-87217BDA74C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E541056B-618C-4F11-9545-0175463BB36A}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_monthly"
Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_updates"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\microsoft\windows\start menu\programs\free window registry repair"
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\prefs.js
 
user_pref("browser.bdtoolbar.search_searchbar", false);
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\6mgzooct.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/12/2013 Mon at  8:19:28.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 12/16/2013 08:31:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] wosb.exe -- C:\Temp\wz4895\wosb.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : WOSB2 ("C:\Temp\wz4895\wosb.exe" /run /systray dt="12/16/2013" tm="11:00:00 PM" file="C:\Program Files\TeamViewer\Version9\TeamViewer.exe" /repair /ptowu weekdays="Sun+Mon+Tue+Wed+Thur+Fri+Sat" /ast kv="2" vID="2" [7][x][x][7][x]) -> DELETED
[RUN][ROGUE ST] HKUS\S-1-5-21-3111971694-215417212-213921256-1000\[...]\Run : WOSB2 ("C:\Temp\wz4895\wosb.exe" /run /systray dt="12/16/2013" tm="11:00:00 PM" file="C:\Program Files\TeamViewer\Version9\TeamViewer.exe" /repair /ptowu weekdays="Sun+Mon+Tue+Wed+Thur+Fri+Sat" /ast kv="2" vID="2" [7][x][x][7][x]) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AADS-00S9B0 ATA Device +++++
--- User ---
[MBR] 3f3944b990672713b2de45ff40cfe75e
[BSP] a9411ab0b40cbb680e1d99b760e81d2e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 149900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 326938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_12162013_083141.txt >>
RKreport[0]_S_12162013_083033.txt
 
 
 
 




#7 cnm


Posted 15 December 2013 - 07:42 PM

The screen shot was very helpful.
 
You may be missing c:\Windows\inf\ntprint.inf
We may be able to find another copy of it.
Please download SystemLook from the link below and save it to your Desktop on the affected PC.
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
ntprint.inf

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#8 feifan


Posted 15 December 2013 - 08:14 PM

Thank you very much; the log is appended below:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:08 on 16/12/2013 by User
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "ntprint.inf"
No files found.
 
-= EOF =-


#9 cnm


Posted 15 December 2013 - 08:23 PM

Try it again with this in its window:

:filefind
*ntprint.inf*

Post the new log.

 

I could offer you my copy but I have a 64-bit Win 7.



#10 feifan


Posted 15 December 2013 - 08:29 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:28 on 16/12/2013 by User
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*ntprint.inf*"
C:\Windows\inf\ntprint.inf --a---- 9686 bytes [04:51 14/07/2009] [23:24 23/05/2012] 8492C0A8A555F278C7411E38C5434CCD
C:\Windows\System32\DriverStore\en-US\ntprint.inf_loc --a---- 144 bytes [04:55 14/07/2009] [02:05 14/07/2009] 7813BAFE24E4ABB75CB9B090C185B856
C:\Windows\System32\spool\drivers\w32x86\PCC\ntprint.inf_x86_neutral_88459cb66b0e2d44.cab --a---- 3758042 bytes [23:29 23/05/2012] [23:29 23/05/2012] (Unable to calculate MD5)
C:\Windows\winsxs\Manifests\x86_ntprint.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_f3d9e1459087053c.manifest --a---- 1113 bytes [04:55 14/07/2009] [04:55 14/07/2009] C113FC2C97EE6D5C98F7CC245ECC7AFE
C:\Windows\winsxs\Manifests\x86_ntprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_080e1da672d3d0af.manifest --a---- 9955 bytes [04:54 14/07/2009] [02:28 14/07/2009] 7E5B5189AAEA834A7064D0BF0A8AFE09
C:\Windows\winsxs\Manifests\x86_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_3ad6f3251c0676a9.manifest --a---- 21239 bytes [04:48 14/07/2009] [04:48 14/07/2009] 4324AE0BF305E36C61AC368F6331AF98
C:\Windows\winsxs\Manifests\x86_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_3d0806ed18f4fa43.manifest ------- 21239 bytes [00:39 23/05/2012] [00:39 23/05/2012] DD12F111F21C4B9A9079D3F84DA8DE4F
C:\Windows\winsxs\x86_ntprint.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_080e1da672d3d0af\ntprint.inf_loc --a---- 144 bytes [04:55 14/07/2009] [02:05 14/07/2009] 7813BAFE24E4ABB75CB9B090C185B856
C:\Windows\winsxs\x86_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_3ad6f3251c0676a9\ntprint.inf --a---- 9686 bytes [21:09 13/07/2009] [21:09 13/07/2009] 9F12C4D360853F9C98B5A8C4030065C0
C:\Windows\winsxs\x86_ntprint.inf_31bf3856ad364e35_6.1.7601.17514_none_3d0806ed18f4fa43\ntprint.inf --a---- 9686 bytes [01:15 23/05/2012] [04:37 20/11/2010] 8492C0A8A555F278C7411E38C5434CCD
 
-= EOF =-
 
 


#11 cnm


Posted 15 December 2013 - 09:49 PM

You have one.  Open c:\Windows\inf\ntprint.inf in Notepad and copy it to your next reply.

 

It seems as though the Canon driver is not installed. I think you need to reinstall - but I can't find your printer.

This is confusing: 

I recently bought a Canon iP7270 printer connected by LAN (wireless through the router). I have successfully installed the printer, and in Devices and Printers I can find the printer, but I cannot print because of a message saying that the printer driver is not installed. I called Canon and a technician came and checked. He uninstalled and re-installed the printer but got the same message. When he connected the printer through his notebook, he could print through the printer. So he said it is a Windows problem.

The printer I have been using all the while is a Canon ip2770 (by USB), and the technician has wrongly uninstalled the printer.

 

Canon doesn't list the iP7270.
There is a PIXMA iP7220, and there are PIXMA iP2700 and PIXMA iP2702.

Please look at the list - scroll down to Printers & Multifunction.

Click the name of your printer and then look in its Drivers & Software > Drivers.

Get the driver installer and run it.

And/or reinstall the whole printer software package that you got with the printer.



#12 feifan


Posted 15 December 2013 - 11:21 PM

The Canon iP7270 is under the Pixma iP7200 series of printers; the driver is the same.



#13 feifan


Posted 15 December 2013 - 11:25 PM

 
 
 
; NTPRINT.INF (for Windows Server 2003 family)
;
; List of supported printers, manufacturers
;
 
[Version]
Signature="$Windows NT$"
Provider="Microsoft"
ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}
Class=Printer
CatalogFile=ntprint.cat
DriverIsolation=2
DriverVer=06/21/2006,6.1.7601.17514
 
[Manufacturer]
"Microsoft"=Microsoft,NTx86
 
[Microsoft.NTx86]
"{D20EA372-DD35-4950-9ED8-A6335AFE79F0}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F0}, {D20EA372-DD35-4950-9ED8-A6335AFE79F0}
"{D20EA372-DD35-4950-9ED8-A6335AFE79F1}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F1}, {D20EA372-DD35-4950-9ED8-A6335AFE79F1}
"{D20EA372-DD35-4950-9ED8-A6335AFE79F2}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F2}, {D20EA372-DD35-4950-9ED8-A6335AFE79F2}
"{D20EA372-DD35-4950-9ED8-A6335AFE79F3}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F3}, {D20EA372-DD35-4950-9ED8-A6335AFE79F3}
"{D20EA372-DD35-4950-9ED8-A6335AFE79F5}" = {D20EA372-DD35-4950-9ED8-A6335AFE79F5}, {D20EA372-DD35-4950-9ED8-A6335AFE79F5}
 
[{D20EA372-DD35-4950-9ED8-A6335AFE79F0}]
CopyFiles=UNIDRV,PJLMON.DLL,@TTFSUB.GPD,@LOCALE.GPD,@MSXPSINC.GPD
 
[{D20EA372-DD35-4950-9ED8-A6335AFE79F1}]
CopyFiles=PSCRIPT,@MSXPSINC.PPD,@PSCRPTFE.NTF
 
[{D20EA372-DD35-4950-9ED8-A6335AFE79F2}]
CopyFiles=PCLXL,@PCL5ERES.DLL,@PCL5URES.DLL,@PCL4RES.DLL
 
[{D20EA372-DD35-4950-9ED8-A6335AFE79F3}]
 
[{D20EA372-DD35-4950-9ED8-A6335AFE79F5}]
CopyFiles=XPSDRV
 
;
; MS Driver Core installs
;
; These sections are used by Printer OEMs to install MS provided drivers
;
 
 
; For Core Printer Driver {D20EA372-DD35-4950-9ED8-A6335AFE79F0}
 
; UNIDRV without PJLMON support
[UNIDRV.OEM]
CopyFiles=UNIDRV
 
; UNIDRV with PJLMON support
[UNIDRV_BIDI.OEM]
CopyFiles=UNIDRV,PJLMON.DLL
 
[UNIDRV_DATA]
DriverFile=UNIDRV.DLL
ConfigFile=UNIDRVUI.DLL
HelpFile=UNIDRV.HLP
 
; Data section that attaches PJLMON as the driver Lang Monitor
[UNIDRV_BIDI_DATA]
DriverFile=UNIDRV.DLL
ConfigFile=UNIDRVUI.DLL
HelpFile=UNIDRV.HLP
LanguageMonitor="PJL Language Monitor,PJLMON.DLL"
 
; Section to allow OEMs to reference the Global Font Substitution Table
[TTFSUB.OEM]
CopyFiles=@TTFSUB.GPD
 
; Section to allow OEMs to set locale dependencies
[LOCALE.OEM]
CopyFiles=@LOCALE.GPD
 
; Section to allow OEMs to include core GPD file(s) for XPSDrv driver
[XPSGPD.OEM]
CopyFiles=@MSXPSINC.GPD
 
; Section to allow OEMs to install PJLMON.DLL
[PJLMON.OEM]
CopyFiles=PJLMON.DLL
 
; For Core Printer Driver {D20EA372-DD35-4950-9ED8-A6335AFE79F1}
 
; PSCRIPT
[PSCRIPT.OEM]
CopyFiles=PSCRIPT
 
[PSCRIPT_FE.OEM]
CopyFiles=PSCRIPT,@PSCRPTFE.NTF
 
[PSCRIPT_DATA]
DriverFile=PSCRIPT5.DLL
ConfigFile=PS5UI.DLL
HelpFile=PSCRIPT.HLP
 
; Section to allow OEMs to include core PPD file(s) for XPSDrv driver
[XPSPPD.OEM]
CopyFiles=@MSXPSINC.PPD
 
; For Core Printer Driver {D20EA372-DD35-4950-9ED8-A6335AFE79F2}
 
; Section to allow OEMs to install PCL6 support files
[PCLXL.OEM]
CopyFiles=PCLXL,@PCL5ERES.DLL
 
[PCL5ERES.OEM]
CopyFiles=@PCL5ERES.DLL
 
[PCL5URES.OEM]
CopyFiles=@PCL5URES.DLL
 
[PCL4RES.OEM]
CopyFiles=@PCL4RES.DLL
 
 
; For Core Printer Driver {D20EA372-DD35-4950-9ED8-A6335AFE79F3}
 
; Section to allow OEMs to use sRGB color profile
[sRGBPROFILE.OEM]
ColorProfiles="sRGB Color Space Profile.icm"
 
 
; For Core Printer Driver {D20EA372-DD35-4950-9ED8-A6335AFE79F5}
 
[XPSDRV.OEM]
CopyFiles=XPSDRV
 
[PSCRIPT]
PSCRIPT5.DLL
PS5UI.DLL
PSCRIPT.HLP
PSCRIPT.NTF
PS_SCHM.GDL
 
[PJLMON.DLL]
PJLMON.DLL,,,0x00000020         ; Copy only if new binary
 
[UNIDRV]
UNIDRV.DLL
UNIRES.DLL
UNIDRVUI.DLL
STDNAMES.GPD
STDDTYPE.GDL
STDSCHEM.GDL
STDSCHMX.GDL
UNIDRV.HLP
 
 
[PCLXL]
PCLXL.DLL
PCLXL.GPD
P6FONT.GPD
PJL.GPD
P6DISP.GPD
 
[XPSDRV]
MXDWDRV.DLL
XPSSVCS.DLL
 
;
; Call SetupSetDirectoryId with 66000 to set the target directory at runtime
; (depending on which environment drivers are getting installed)
;
 
[DestinationDirs]
DefaultDestDir=66000
PJLMON.DLL=66002
 
[SourceDisksFiles]
LOCALE.GPD   = 1
MSXPSINC.PPD = 1
MSXPSINC.GPD = 1
MXDWDRV.DLL  = 1
PCLXL.DLL    = 1
PCLXL.GPD    = 1
PCL5ERES.DLL = 1
PCL5URES.DLL = 1
PCL4RES.DLL  = 1
P6FONT.GPD   = 1
PJL.GPD      = 1
PJLMON.DLL   = 1
P6DISP.GPD   = 1
PSCRIPT5.DLL = 1
PS5UI.DLL    = 1
PSCRIPT.HLP  = 1
PSCRIPT.NTF  = 1
PSCRPTFE.NTF = 1
PS_SCHM.GDL  = 1
STDNAMES.GPD = 1
STDDTYPE.GDL = 1
STDSCHEM.GDL = 1
STDSCHMX.GDL = 1
ttfsub.gpd   = 1
unidrv.dll   = 1
unidrv.hlp   = 1
unidrvui.dll = 1
unires.dll   = 1
XPSSVCS.DLL  = 1
 
[ControlFlags]
AlwaysExcludeFromSelect=*
 
[PrinterPackageInstallation.x86]
PackageAware=TRUE
 
[Strings]
 
 
;Localizable
Disk1="Windows Installation Disc"
 
[SourceDisksNames.x86]
1   = %Disk1%,,,"I386"
 
[SourceDisksNames.amd64]
1   = %Disk1%,,,"Amd64"
 
[SourceDisksNames.ia64]
1   = %Disk1%,,,"Ia64"
 
 
 
 


#14 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 15 December 2013 - 11:41 PM

Looks fine.  Your ntprint.inf is exactly the same as mine except for the one line identifying "Microsoft"=Microsoft,NTx86

 

Did you reinstall the drivers?

Uninstall the printer software and delete C:\Program Files\Canon

 

Reinstall the software.  It should include the driver but if not then install the driver separately.

 

Check the printer via Control Panel > Devices and Printers (right click, Troubleshoot).


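The comparison described in the reply above (one ntprint.inf checked against another copy) can be done section by section instead of by eye. This is an added example, not part of the original posts; the function names are hypothetical and the reference excerpt, including its NTamd64 value, is constructed for illustration.

```python
def _clean(raw):
    """Drop ';' comments and whitespace outside quotes; INF names are case-insensitive."""
    out, quoted = [], False
    for ch in raw:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch == ";":
            break
        elif not quoted and ch.isspace():
            continue
        out.append(ch)
    return "".join(out).upper()

def parse_inf(text):
    """Return {SECTION: set of normalized entries}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = _clean(raw)
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], set())
        elif line and current is not None:
            current.add(line)
    return sections

def diff_inf(local_text, reference_text):
    """List (section, only_in_local, only_in_reference) for every section that differs."""
    a, b = parse_inf(local_text), parse_inf(reference_text)
    return [(s, sorted(a.get(s, set()) - b.get(s, set())),
                sorted(b.get(s, set()) - a.get(s, set())))
            for s in sorted(set(a) | set(b)) if a.get(s) != b.get(s)]

# Excerpt of the ntprint.inf posted in this thread.
LOCAL = """[Manufacturer]
"Microsoft"=Microsoft,NTx86

[UNIDRV_BIDI_DATA]
DriverFile=UNIDRV.DLL
LanguageMonitor="PJL Language Monitor,PJLMON.DLL"
"""
# Constructed reference copy: different case and spacing, one changed value.
REFERENCE = """[manufacturer]
"Microsoft" = Microsoft,NTamd64   ; constructed value

[UNIDRV_BIDI_DATA]
DriverFile = unidrv.dll
LanguageMonitor="PJL Language Monitor,PJLMON.DLL"
"""

if __name__ == "__main__":
    print(diff_inf(LOCAL, REFERENCE))
```

Only real differences are reported: case, spacing and comments are normalized away, so an unexpected change to a `CopyFiles` or `LanguageMonitor` entry stands out against a known-good copy.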

#15 feifan


Posted 16 December 2013 - 12:35 AM

Printer cannot be installed.  Same as I tried so many times.

 

 




#16 cnm


Posted 16 December 2013 - 12:40 AM

Did you uninstall and remove the printer first?

 

What installer are you using?  Didn't one come with your printer (probably named Setup)?

There are at least two different ways to install.  Tell me exactly what you did.



#17 feifan


Posted 16 December 2013 - 01:16 AM

Yes, I followed exactly what you told me and installed the printer using the original Canon CD.

 

Insert CD and run MSETUP4.EXE

 

Message 1:  Setup has been completed.

To check the setup results, click View Setup Results.

 

Model:  Canon iP7200 series

SSID:    RHVision

 

Message 2:  Setup Results List

Model:  Canon iP7200 series

Network Setup of the Printer:  Failed

Name:

Port Name:  CNBJNP_180CAC38D86D

Network Type:  Infrastructure

SSID:  RHVision

 

I noticed that my scanner is also missing, and I faced the same problem re-installing it.

 

 

 

 

 



#18 cnm


Posted 16 December 2013 - 01:27 PM

So many things could be involved.  I am really groping here.

 

Set up the printer.  As far as I know, yours is not a wireless printer.  So is it connected to the router directly via USB cable?  Or is it attached to another PC (if so, can you see that PC on the network)?

 

Log in to the router.  In Wireless Settings tell the wireless router to provide IP addresses dynamically for all devices on the network. This is also known as Dynamic Host Configuration Protocol (DHCP).  How you do this will depend on what router you have.  Refer to its manual.  What is your router's make and model?

 
Clear the print spooler.  http://www.sevenforu...lear-reset.html

 

Reset the printer.  Power off and disconnect the power plug.  When disconnecting the power plug after turning off the power, be sure to confirm that the POWER lamp is not lit. If the power plug is disconnected from the wall outlet while the POWER lamp is lit or flashing, the printer may become unable to print properly since the Print Head is not protected.

Wait a few seconds, then replace the power plug and turn the printer on.  It will take a few minutes to reinitialize itself.

 

 

See what happens when you run MSETUP4.EXE after all that.

 
 



#19 feifan


Posted 16 December 2013 - 09:48 PM

Tried all, still the same.



#20 cnm


Posted 16 December 2013 - 10:13 PM

I'm running out of ideas. You might get more ideas if you register and post at http://www.bleepingc...ernal-hardware/

If you do that, tell them I referred you and give them a link to this thread.

 

I'd still like to know the answer:

As far as I know, yours is not a wireless printer.  So is it connected to the router directly via USB cable?  Or is it attached to another PC (if so, can you see that PC on the network)?

 

 



#21 feifan


Posted 17 December 2013 - 08:11 AM

OK, I will let you know if I find a way to solve this problem.

 

Thank you for sparing your time to help me.



#22 cnm


Posted 17 December 2013 - 03:41 PM

I'm sorry I couldn't figure it out.  But networked printers do tend to be tricky.

 

Clean up our tools:

 
Delete the DDS files and Security Check folder from your Desktop.  Also JRT and RogueKiller.
Run AdwCleaner and click Uninstall.


#23 cnm


Posted 21 December 2013 - 05:21 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



