
AVG won't run because of "software restriction policy"


  • This topic is locked
15 replies to this topic

#1 edridgley


    Member

  • Full Member
  • 12 posts

Posted 22 November 2014 - 10:38 AM

Running Windows XP on a Dell Inspiron 530.

 

I saw a previous post about this topic and ran AdwCleaner.exe.

 

Below is the log.  Thank you for your help.

 

# AdwCleaner v4.101 - Report created 22/11/2014 at 11:20:03
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ed R - ED
# Running from : C:\Documents and Settings\Ed R\My Documents\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Video downloader
Folder Deleted : C:\Program Files\FlvPlayer
Folder Deleted : C:\Program Files\freeonlineradioplayerrecorder
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Video downloader
Folder Deleted : C:\Documents and Settings\Ed R\Local Settings\Application Data\freeonlineradioplayerrecorder
Folder Deleted : C:\Documents and Settings\Ed R\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Ed R\Local Settings\Application Data\CrashRpt
Folder Deleted : C:\Documents and Settings\Ed R\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Ed R\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Ed R\Application Data\OpenCandy
[!] Folder Deleted : C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\EsgScanner.sys
File Deleted : C:\DOCUME~1\EDR~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Optimizer Pro v3.2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v33.1 (x86 en-US)

[0mhenplt.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "142cf755278a3bf1bd8b339b3c4fd597");
[0mhenplt.default\prefs.js] - Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394023930318");

-\\ Google Chrome v39.0.2171.65

[C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [7357 octets] - [22/11/2014 11:14:58]
AdwCleaner[R1].txt - [7417 octets] - [22/11/2014 11:16:51]
AdwCleaner[S0].txt - [7484 octets] - [22/11/2014 11:20:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7544 octets] ##########
 

 

EDIT: Please read the Instructions http://www.spywarein...showtopic=79038 and post the other logs...  Our helpers need more detail to review in order to help...


Edited by Budfred, 22 November 2014 - 11:54 AM.


#2 edridgley


    Member

  • Full Member
  • 12 posts

Posted 22 November 2014 - 01:56 PM

Here is the DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Ed R at 14:47:15 on 2014-11-22
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.494 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Autodesk\SketchBook Pro 6.2\SketchBookSnapshot.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\DOCUME~1\EDR~1\APPLIC~1\MEDIAF~1\MFUSNM~1.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://poems.com/
uProxyOverride = <local>;*.local
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\ed r\local settings\application data\akamai\netsession_win.exe"
uRun: [uTorrent] "c:\documents and settings\ed r\application data\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [MediaFire Tray] c:\documents and settings\ed r\application data\mediafire desktop\mf_watch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [FileOpenBroker] c:\program files\fileopen\services\FileOpenBroker32.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [{e344a897-4fa3-c69b-86a8-9c37edeeadc8}] "c:\documents and settings\all users\application data\microsoft\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}.exe"
mExplorerRun: [{e344a897-4fa3-c69b-86a8-9c37edeeadc8}] "c:\documents and settings\all users\application data\microsoft\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}.exe"
StartupFolder: c:\docume~1\edr~1\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\edr~1\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\documents and settings\ed r\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sketch~1.lnk - c:\program files\autodesk\sketchbook pro 6.2\SketchBookSnapshot.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://teamaccess.tsys.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D5C24CFD-995E-4231-8820-C3918F64C793} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.65\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ed r\application data\mozilla\firefox\profiles\0mhenplt.default\
FF - prefs.js: browser.startup.homepage - hxxp://poems.com/
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 172856]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182584]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2014-11-4 1432592]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2014-10-17 4942384]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 FileOpenManagerService;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerService32.exe [2012-11-7 213432]
R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2014-1-5 101888]
R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\docume~1\edr~1\applic~1\mediaf~1\MFUSNM~1.EXE [2013-12-1 457944]
R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [2013-12-1 19160]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2013-3-22 31848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-2-15 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2013-3-22 31848]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-4-15 27496]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-4-15 27496]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-4-15 27496]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-4-15 27496]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-4-15 27496]
.
=============== File Associations ===============
.
ShellExec: Views.exe: open="c:\robert~1\Views.exe"
.
=============== Created Last 30 ================
.
2014-11-22 18:54:11    --------    d-----w-    c:\windows\ERUNT
2014-11-22 16:14:51    --------    d-----w-    C:\AdwCleaner
2014-11-22 15:46:48    283697    ----a-w-    c:\documents and settings\all users\application data\microsoft\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}.exe
2014-11-16 01:02:47    --------    d-----w-    c:\program files\KleinSoft
2014-11-16 00:56:45    --------    d-----w-    c:\windows\CD27142034CF47DC80B7C409B6CD0DD8.TMP
2014-11-15 16:43:55    --------    d-----w-    c:\program files\Free Picture Solutions
2014-11-15 16:43:26    --------    d-----w-    c:\documents and settings\ed r\application data\Free Picture Solutions
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-11-13 01:10:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-11-13 01:02:52    --------    d-----w-    c:\documents and settings\all users\application data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-04 13:08:27    --------    d-----r-    c:\program files\Skype
.
==================== Find3M  ====================
.
2014-11-11 22:56:37    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 22:56:37    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-11 22:56:34    17926832    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-11-04 05:30:04    172856    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-10-17 20:34:46    182584    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-02 19:23:20    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-10-02 19:23:20    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
============= FINISH: 14:55:56.87 ===============
 



#3 edridgley


    Member

  • Full Member
  • 12 posts

Posted 22 November 2014 - 01:59 PM

Here is checkup.txt from the Security Check program:

 

 Results of screen317's Security Check version 0.99.90  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Please wait while WMIC compiles updated MOF files.
displayName
AVG Internet Security 2013
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 RealTime Cookie & Cache Cleaner (RtC3)
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player     15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1)
 Google Chrome (38.0.2125.111)
 Google Chrome (39.0.2171.65)
 Google Chrome (chrome.exe..)
 Google Chrome (debug.log..)
 Google Chrome (Dictionaries...)
 Google Chrome (master_preferences...)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
 



#4 edridgley


    Member

  • Full Member
  • 12 posts

Posted 22 November 2014 - 03:40 PM

I hope I have done everything.  I'm not sure.  If I haven't, please let me know what specifically I need to post next. 

 

Thank you for your help!



#5 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,388 posts

Posted 22 November 2014 - 07:05 PM

Hi edridgley, and welcome to SWI.

 

Please download TFC by OldTimer to your Desktop.

  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    Let it run uninterrupted until it has finished.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Download the below tool
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will create a log (FRST.txt) in the same directory the tool is run.
The first time the tool is run, it also creates another log (Addition.txt).

Please post the contents of both, each in their own reply.

 

Please post the two logs from Farbar Recovery Scan Tool (FRST.txt and Addition.txt) each in their own reply (due to length), and then in a third reply the log from ESET Online Scanner, and note any errors encountered. If any of the logs are cut off, please check to see where they cut off and post the remainder in an additional reply.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
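The logs requested here are long, and the two findings that matter for the thread title are easy to miss in them: the DDS log earlier in the thread shows a Run and an ExplorerRun entry pointing at a GUID-named executable under All Users\Application Data, and the FRST log that follows reports "Group Policy restriction on software" (Software Restriction Policy) entries covering the AVG folders, which is why AVG will not start. The script below is an added example, not part of this thread and not a tool from the Farbar, DDS or Security Check authors: it parses a few lines copied from those logs (embedded as a constructed sample) and flags both findings. The GUID-file-name heuristic and the list of security-product directory names are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the DDS and FRST logs
# posted in this thread (autorun entries plus the FRST "Group Policy
# restriction on software" findings).
SAMPLE_LOG = r"""mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [{e344a897-4fa3-c69b-86a8-9c37edeeadc8}] "c:\documents and settings\all users\application data\microsoft\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}.exe"
mExplorerRun: [{e344a897-4fa3-c69b-86a8-9c37edeeadc8}] "c:\documents and settings\all users\application data\microsoft\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}\{e344a897-4fa3-c69b-86a8-9c37edeeadc8}.exe"
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-26] (SupportSoft, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
"""

# Autorun lines as DDS ("uRun:", "mRun:", "mExplorerRun:") and FRST
# ("HKLM\...\Run:") print them: a kind, a bracketed value name, then the command.
AUTORUN_RE = re.compile(
    r"^(?P<kind>[um]Run|mExplorerRun|HK(?:LM|CU)\\\.\.\.\\Run): \[(?P<name>[^\]]+)\]\s*(?:=>\s*)?(?P<cmd>.*)$"
)
# First drive-letter path ending in .exe inside the command string.
EXE_PATH_RE = re.compile(r"[a-z]:\\[^\"\[]*?\.exe", re.IGNORECASE)
# A braced GUID such as {e344a897-4fa3-c69b-86a8-9c37edeeadc8}.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# FRST marks Software Restriction Policy entries with this exact line shape.
SRP_RE = re.compile(r"^HKLM Group Policy restriction on software: (?P<path>.+?)\s*<====== ATTENTION\s*$")

# Directory names of security products. Illustrative list, an assumption made
# for this example rather than anything FRST or DDS ships with.
SECURITY_DIRS = ("avg", "mcafee", "malwarebytes", "eset", "avast", "avira", "symantec", "kaspersky")


def parse_autoruns(text: str) -> List[Dict[str, str]]:
    """Return every autorun entry with its kind, value name and executable path."""
    entries = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        p = EXE_PATH_RE.search(m.group("cmd"))
        if not p:
            continue  # bare names such as "RTHDCPL.EXE" carry no directory; skipped here
        entries.append({"kind": m.group("kind"), "name": m.group("name"), "path": p.group(0)})
    return entries


def is_guid_named(path: str) -> bool:
    """True when the executable's own file name (minus .exe) is a braced GUID.

    Heuristic assumed for this example: legitimate autoruns in these logs carry
    product names, while the DDS entries above run {guid}\{guid}.exe.
    """
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = base[:-4] if base.lower().endswith(".exe") else base
    return GUID_RE.match(stem) is not None


def parse_srp_restrictions(text: str) -> List[str]:
    """Return the paths FRST reports as blocked by a Software Restriction Policy."""
    blocked = []
    for line in text.splitlines():
        m = SRP_RE.match(line.strip())
        if m:
            blocked.append(m.group("path"))
    return blocked


def triage(text: str) -> Dict[str, list]:
    """Summarise the two findings: GUID-named autoruns and SRP-blocked security paths."""
    autoruns = parse_autoruns(text)
    blocked = parse_srp_restrictions(text)
    return {
        "suspicious_autoruns": [e for e in autoruns if is_guid_named(e["path"])],
        "blocked_paths": blocked,
        "blocked_security_paths": [
            p for p in blocked
            if any(seg.lower() in SECURITY_DIRS for seg in p.split("\\"))
        ],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["suspicious_autoruns"]:
        print(f"[autorun] {e['kind']} {e['name']} -> {e['path']}")
    for p in result["blocked_paths"]:
        tag = "security product" if p in result["blocked_security_paths"] else "other"
        print(f"[SRP] {tag}: {p}")
```

On the sample it reports the same executable twice (once from mRun, once from mExplorerRun, which is how the DDS log lists it) and flags both SRP paths as security-product directories. Feeding it a full DDS.txt or FRST.txt read from disk works the same way, since it only looks at lines in those two shapes and ignores everything else.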


#6 edridgley


    Member

  • Full Member
  • 12 posts

Posted 22 November 2014 - 10:59 PM

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2014 01
Ran by Ed R (administrator) on ED on 22-11-2014 23:57:08
Running from C:\Documents and Settings\Ed R\My Documents\Downloads
Loaded Profile: Ed R (Available profiles: Ed R)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
() C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\mf_watch.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\MFUsnMonitorService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SPEEDbit) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-26] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-09-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker32.exe [840624 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre7\bin\jusched.exe
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-08] (RealNetworks, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2013 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Ed R\Application Data\uTorrent\uTorrent.exe [1385808 2014-10-30] (BitTorrent Inc.)
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [MediaFire Tray] => C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\mf_watch.exe [1756392 2013-11-27] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
ShortcutTarget: SketchBook Snapshot.lnk -> C:\Program Files\Autodesk\SketchBook Pro 6.2\SketchBookSnapshot.exe (Autodesk Inc)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 110 series.lnk -> C:\Program Files\HP\HP ENVY 110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_90802.dll (TODO: <Company name>)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-682003330-1844237615-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://poems.com/
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> {EF05E381-9F09-4F26-A9BD-F3342B5AA112} URL = http://search.yahoo....p={SearchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://teamaccess.t...SetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 16 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default
FF Homepage: hxxp://poems.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\artur.dubovoy@gmail.com [2014-11-12]
FF Extension: Flash and Video Download - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-14]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-07-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-19]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://poems.com/
CHR StartupUrls: Default -> "hxxp://poems.com/"
CHR Profile: C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-16]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-16]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-11-07] (FileOpen Systems Inc.)
S2 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
R2 MF NTFS Monitor; C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [457944 2013-11-27] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)
R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-12-08] (SPEEDbit)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182584 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
R2 mfmonitor; C:\WINDOWS\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-11-27] (Windows ® Win 7 DDK provider)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-06-22] (Corel Corporation)
S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-08-19] (RapidSolution Software AG)
S3 WsAudio_Device(1); C:\WINDOWS\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\WINDOWS\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\WINDOWS\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\WINDOWS\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\WINDOWS\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 23:56 - 2014-11-22 23:57 - 00000000 ____D () C:\FRST
2014-11-22 23:54 - 2014-11-22 23:54 - 00002556 _____ () C:\Documents and Settings\Ed R\Desktop\ESETScan.txt
2014-11-22 21:27 - 2014-11-22 21:27 - 00000000 ____D () C:\Program Files\ESET
2014-11-22 15:16 - 2014-11-22 15:16 - 00000935 _____ () C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2014-11-22 15:16 - 2014-11-22 15:16 - 00000000 ____D () C:\Program Files\Panda Security
2014-11-22 15:16 - 2014-11-22 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2014-11-22 14:56 - 2014-11-22 14:56 - 00019704 _____ () C:\Documents and Settings\Ed R\Desktop\attach.txt
2014-11-22 14:56 - 2014-11-22 14:55 - 00015497 _____ () C:\Documents and Settings\Ed R\Desktop\dds.txt
2014-11-22 14:29 - 2014-11-22 21:33 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Spyware cleanup tools
2014-11-22 13:59 - 2014-11-22 13:59 - 00002195 _____ () C:\Documents and Settings\Ed R\Desktop\JRT.txt
2014-11-22 13:54 - 2014-11-22 13:54 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-22 13:50 - 2014-11-22 13:51 - 00004478 _____ () C:\Documents and Settings\Ed R\Desktop\Rkill.txt
2014-11-22 11:14 - 2014-11-22 14:34 - 00000000 ____D () C:\AdwCleaner
2014-11-19 08:53 - 2014-11-19 08:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 21:34 - 2014-11-18 22:15 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Bullshit
2014-11-18 20:10 - 2014-11-18 20:10 - 00001037 _____ () C:\Documents and Settings\Ed R\Desktop\Shortcut to SmartWAVConverter.exe.lnk
2014-11-15 20:02 - 2014-11-15 20:02 - 00000678 _____ () C:\Documents and Settings\Ed R\Desktop\RealTime Cookie & Cache Cleaner.lnk
2014-11-15 20:02 - 2014-11-15 20:02 - 00000000 ____D () C:\Program Files\KleinSoft
2014-11-15 20:02 - 2014-11-15 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RtC3
2014-11-15 11:43 - 2014-11-15 11:43 - 00001147 _____ () C:\Documents and Settings\All Users\Desktop\Free CBR To PDF Converter.lnk
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Program Files\Free Picture Solutions
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Free Picture Solutions
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free CBR To PDF Converter
2014-11-12 20:10 - 2014-11-12 20:10 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-12 20:10 - 2014-11-12 20:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-12 20:10 - 2014-11-12 20:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-12 20:04 - 2014-11-12 20:04 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-11-12 20:04 - 2014-11-12 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-11-12 20:02 - 2014-11-12 20:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-07 09:27 - 2014-11-11 08:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\SLAA
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ___RD () C:\Program Files\Skype
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-03 00:17 - 2014-11-03 00:17 - 00000000 ___RD () C:\Documents and Settings\Ed R\My Documents\HP Photo Creations

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 23:57 - 2013-02-15 07:35 - 00000000 ____D () C:\Documents and Settings\Ed R\Local Settings\Temp
2014-11-22 23:56 - 2013-02-17 12:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-22 23:25 - 2013-02-16 22:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 23:11 - 2013-09-16 01:44 - 00000488 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-11-22 22:41 - 2013-07-07 12:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-22 22:19 - 2013-02-14 19:46 - 00000263 _____ () C:\WINDOWS\wiadebug.log
2014-11-22 22:10 - 2013-02-14 19:39 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-22 22:08 - 2013-02-15 07:28 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-22 21:40 - 2013-02-16 20:20 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\SA
2014-11-22 21:24 - 2013-02-16 14:23 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\uTorrent
2014-11-22 21:21 - 2013-02-15 07:30 - 01667434 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-22 21:20 - 2013-12-01 13:43 - 00000000 ___HD () C:\Documents and Settings\Ed R\.mediafire
2014-11-22 21:20 - 2013-02-16 14:26 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:19 - 2013-02-16 14:26 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:19 - 2013-02-14 19:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-22 21:19 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 21:18 - 2014-04-24 23:20 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:18 - 2013-02-16 22:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 21:18 - 2013-02-15 07:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 21:17 - 2014-01-20 19:47 - 00342874 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2014-11-22 21:17 - 2013-02-17 20:28 - 00171930 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-11-22 21:17 - 2013-02-15 07:35 - 00000178 ___SH () C:\Documents and Settings\Ed R\ntuser.ini
2014-11-22 21:17 - 2013-02-15 07:33 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 20:40 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At2.job
2014-11-22 18:40 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At3.job
2014-11-22 16:05 - 2013-02-19 00:31 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 16:01 - 2013-02-16 14:51 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-22 14:40 - 2013-02-14 19:44 - 00669726 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-22 14:00 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At4.job
2014-11-22 11:52 - 2013-02-16 20:36 - 00002515 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Office Word 2007.lnk
2014-11-22 10:50 - 2014-09-20 14:41 - 00469768 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-11-22 10:10 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-22 02:24 - 2013-08-09 01:24 - 00000408 _____ () C:\WINDOWS\Tasks\At6.job
2014-11-21 23:01 - 2013-02-16 17:04 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Audacity
2014-11-21 17:26 - 2013-02-16 22:09 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-21 07:32 - 2013-03-17 17:38 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\My Audiobooks
2014-11-20 23:31 - 2013-02-16 19:14 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Personal
2014-11-20 22:52 - 2013-02-17 20:11 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Writing
2014-11-20 22:27 - 2014-02-06 02:09 - 00000727 _____ () C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-11-20 22:27 - 2013-09-11 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-11-20 22:27 - 2013-08-09 01:13 - 00001446 _____ () C:\Documents and Settings\Ed R\Desktop\DivX Movies.lnk
2014-11-20 22:27 - 2013-08-09 01:09 - 00000000 ____D () C:\Program Files\DivX
2014-11-20 22:27 - 2013-08-09 01:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-11-20 22:26 - 2013-09-11 20:24 - 00000792 _____ () C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-11-20 22:13 - 2013-08-27 00:43 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Calibre Library
2014-11-19 17:08 - 2013-02-17 14:09 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 08:53 - 2013-07-28 09:43 - 00272606 _____ () C:\WINDOWS\setupapi.log
2014-11-19 08:53 - 2013-07-14 06:33 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2014-11-15 19:34 - 2013-02-23 20:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-14 00:27 - 2013-02-19 00:31 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-13 18:29 - 2013-08-31 12:21 - 00000000 ____D () C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai
2014-11-12 20:03 - 2013-02-16 17:00 - 00000000 ____D () C:\Program Files\iPod
2014-11-12 20:03 - 2013-02-16 16:59 - 00000000 ____D () C:\Program Files\iTunes
2014-11-12 20:02 - 2013-02-16 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-11 17:56 - 2014-04-28 21:56 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-11 17:56 - 2014-03-19 19:54 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 17:56 - 2014-03-19 19:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-07 15:39 - 2013-02-16 23:31 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Drawing
2014-11-04 08:14 - 2013-02-16 14:51 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Skype
2014-11-04 08:08 - 2014-05-18 14:41 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-04 08:08 - 2013-02-16 14:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-11-04 00:30 - 2013-02-08 03:37 - 00172856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-11-03 01:00 - 2013-12-22 10:30 - 00000000 ____D () C:\MAGICDVDCOPY_TEMP
2014-11-03 00:17 - 2013-02-16 18:40 - 00001742 _____ () C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
2014-11-03 00:17 - 2013-02-16 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Photo Creations
2014-10-30 22:53 - 2013-05-16 06:19 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Miscellaneous
2014-10-30 16:55 - 2014-06-15 22:09 - 00000000 ____D () C:\Documents and Settings\Ed R\.gimp-2.8
2014-10-30 16:53 - 2014-06-15 22:04 - 00002319 _____ () C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
2014-10-27 22:44 - 2013-02-15 22:14 - 00093184 _____ () C:\Documents and Settings\Ed R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 19:03 - 2013-12-04 23:08 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Shakespeare
2014-10-23 21:35 - 2013-05-30 22:33 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Spirituality
2014-10-23 20:54 - 2013-02-17 22:31 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Comedy

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At6.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#7 edridgley

Posted 22 November 2014 - 10:59 PM

Here is the Addition log:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2014 01
Ran by Ed R at 2014-11-22 23:57:43
Running from C:\Documents and Settings\Ed R\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
32 bit Windows Card Reader Driver (HKLM\...\{CE6DEE87-1C87-42ED-A108-7369BFE9076F}) (Version: 1.1.0.0 - TEAC)
3MCloudLibrary PC (QML) 1.33 (HKLM\...\3MCloudLibrary PC (QML)) (Version: 1.33 - 3M)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{785E309A-737D-422E-9520-369C6938D42E}) (Version: 10.2.30900.0 - Audials AG)
Audio Creator LE (HKLM\...\AudioCreator_is1) (Version: 1.0 - Cakewalk Music Software)
Autodesk SketchBook Pro 6.2 (HKLM\...\{8CC702A8-BA3E-4C1A-BA76-08A102012B58}) (Version: 6.20.0000 - Autodesk)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4189 - AVG Technologies) Hidden
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.7.8981 - )
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BellSouth FastAccess DSL Report Agent (HKLM\...\MotiveReportAgent) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{54ED2E2F-68EE-461C-888C-DB7EBE85C340}) (Version: 1.35.0 - Kovid Goyal)
CBR Reader (HKLM\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ChessBase Reader (HKLM\...\{D6330700-4083-48DD-A03C-E209674E7836}) (Version: 2 - )
Convert MP4 to MP3 1.5 (HKLM\...\{5067397A-2935-4290-AE14-1BE2863B00A3}_is1) (Version:  - ConvertMP4toMP3.com)
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08100 - Dell)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Easy MP3 Joiner 2.9 (HKLM\...\Easy MP3 Joiner_is1) (Version:  - ManiacTools.com)
EPubsoft Kindle MOBI AZW DRM Removal 7.6.5 (HKLM\...\{61F7C273-C127-49ED-B2D4-D9A421ECEBE4}) (Version: 7.6.5 - EPUBSOFT)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Ezvid (HKLM\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0982 - Ezvid, inc.)
ffdshow [rev 2583] [2009-01-05] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileOpen Client (HKLM\...\{518FFDF0-6F4B-4BBF-9A2B-8C5BD1919260}) (Version: 3.0.90.926 - FileOpen Systems, Inc.)
FLV to AVI WMV MPEG Free Converter 3.2.60 (HKLM\...\FLV to AVI WMV MPEG Free Converter_is1) (Version:  - )
Free CBR To PDF Converter (HKLM\...\{48199433-EFED-4E4E-BB6A-67BCE84B2A6C}) (Version: 1.0.0 - Free Picture Solutions)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Free YouTube Downloader 3.5.174 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freemake Video Converter version 4.1.2 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
GimpShop 2.8 (HKLM\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP ENVY 110 series Basic Device Software (HKLM\...\{34DADE12-A63E-4676-83F7-07787ECDF137}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 110 series Product Improvement Study (HKLM\...\{189DEBDC-0394-4322-80BD-5C9D4B230160}) (Version: 25.0.622.0 - Hewlett-Packard Co.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{790305ED-B75A-44E7-9B68-D5D737CCA03B}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP Photo Creations)
iExplorer 3.3.2.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections 12.1.12.0 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150040}) (Version: 1.5.0.40 - Sun Microsystems, Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
MediaFire Desktop (HKLM\...\MediaFire Desktop 0.7.46.8594) (Version: 0.7.46.8594 - MediaFire)
Micromega Software System EasyScan (HKLM\...\Micromega Software EasyScan) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 6.8.0 (32bit) (HKLM\...\MKVToolNix) (Version: 6.8.0 - Moritz Bunkus)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MP3 to CDA Converter 1.0.2 (HKLM\...\MP3 to CDA Converter) (Version: 1.0.2 - FastStudio, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OJOsoft Total Video Converter (HKLM\...\OJOsoft Total Video Converter_is1) (Version: 2.7.6.0419 - OJOsoft)
OneClickdigital Media Manager (HKLM\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
Pam Call Recorder 4.8 (HKLM\...\PamelaCR) (Version: 4.8 - Scendix Software-Vertriebsges. mbH)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Pazera Free MKV to AVI Converter 1.1 (HKLM\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.1 - Pazera Jacek)
PDFBinder (HKLM\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
PhoneBrowse 2.0.1 (HKLM\...\{6A4F3A46-FC4A-4B5C-917C-B9BAAB99FE01}}_is1) (Version: 2.0.1 - iMobie Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5697 - Realtek Semiconductor Corp.)
RealTime Cookie & Cache Cleaner (RtC3) (HKLM\...\RealTime Cookie & Cache Cleaner_is1) (Version:  - KleinSoft)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Robert's Rules of Order Newly Revised 11th Edition (HKLM\...\{F293BC8F-759A-11D7-9EAA-0020E0623A55}) (Version: 4.40.000 - ALPCodesENU)
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Sharepod 4.0.1.0 (HKLM\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.7 - SmartSound Software Inc.) Hidden
Sparkol VideoScribe (HKLM\...\Sparkol VideoScribe 1.3.26) (Version: 1.3.26 - Sparkol)
Sparkol VideoScribe (Version: 1.3.26 - Sparkol) Hidden
Storybook (HKLM\...\Storybook) (Version: 2.1.15 - Intertec)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader version 1.9.0.4 (HKLM\...\Video Downloader_is1) (Version: 1.9.0.4 - Video Downloader)
Videora iPad Converter 6 (HKLM\...\Videora iPad Converter) (Version: 6 - Red Kawa)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\WINDOWS\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-682003330-1844237615-1801674531-1003_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\DOCUME~1\EDR~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\DebutReminder.job => C:\Program Files\NCH Software\Debut\debut.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-01 13:41 - 2013-11-27 14:52 - 01756392 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\mf_watch.exe
2013-12-01 13:42 - 2013-11-27 14:21 - 22370998 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libdesktop_misc.dll
2013-12-01 13:42 - 2013-11-27 14:20 - 09555220 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libhub_communication_pp.dll
2013-12-01 13:42 - 2013-11-27 14:18 - 12017369 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libdesktop_shared.dll
2013-12-01 13:41 - 2013-11-27 14:17 - 00117248 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libgcc_s_dw2-1.dll
2013-12-01 13:41 - 2013-11-27 14:17 - 01019406 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libstdc++-6.dll
2013-12-01 13:41 - 2012-08-08 19:09 - 01126733 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_regex-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:13 - 00210002 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_thread-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:08 - 00065817 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_chrono-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:08 - 00036324 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_system-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:08 - 00220066 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_filesystem-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2013-11-27 14:18 - 00057559 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libhub_communication_dyn.dll
2013-12-01 13:41 - 2012-08-08 19:09 - 01050203 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_locale-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:08 - 00142478 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_date_time-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2012-08-08 19:12 - 00908924 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libboost_serialization-mgw47-mt-1_50.dll
2013-12-01 13:41 - 2013-10-08 12:47 - 00427523 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libcurl-4.dll
2013-12-01 13:41 - 2013-10-09 14:38 - 00118272 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\zlib1.dll
2013-12-01 13:41 - 2012-08-22 10:48 - 00406051 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\libexpat-1.dll
2013-12-01 13:41 - 2013-11-27 14:52 - 00457944 _____ () C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\MFUsnMonitorService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-11-07 09:27 - 2014-11-11 08:15 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Ed R^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2 => C:\WINDOWS\pss\OneNote Table Of Contents.onetoc2Startup
MSCONFIG\startupreg: uTorrent => "C:\Documents and Settings\Ed R\Application Data\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-682003330-1844237615-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-682003330-1844237615-1801674531-1006 - Limited - Enabled)
Ed R (S-1-5-21-682003330-1844237615-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ed R
Guest (S-1-5-21-682003330-1844237615-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-682003330-1844237615-1801674531-1000 - Limited - Disabled)
IUSR_ED (S-1-5-21-682003330-1844237615-1801674531-1004 - Limited - Enabled)
IWAM_ED (S-1-5-21-682003330-1844237615-1801674531-1005 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-682003330-1844237615-1801674531-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2014 01:54:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/15/2014 07:50:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SpyHunter4.exe, version 4.12.13.4202, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2014 07:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application RtC3.exe, version 3.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2014 07:40:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 33.1.0.5423, faulting module mozalloc.dll, version 33.1.0.5423, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (11/07/2014 04:23:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application audacity.exe, version 2.0.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/12/2014 11:29:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application audacity.exe, version 2.0.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/07/2014 09:29:14 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/07/2014 09:29:14 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/03/2014 00:41:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iTunes.exe, version 11.4.0.18, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/03/2014 00:39:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iTunes.exe, version 11.4.0.18, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/22/2014 09:19:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (11/22/2014 09:19:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Freemake Improver service failed to start due to the following error:
%%1053

Error: (11/22/2014 09:19:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Freemake Improver service to connect.

Error: (11/22/2014 09:19:24 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.

Error: (11/22/2014 09:13:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2014 09:13:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VideoAcceleratorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2014 09:13:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MediaFire NTFS Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/22/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (05/19/2014 11:20:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1267 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 2037.1 MB
Available physical RAM: 1076.45 MB
Total Pagefile: 3929.8 MB
Available Pagefile: 3104.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:86.24 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 edridgley
Posted 22 November 2014 - 11:01 PM

Here is the ESETScan log:

C:\AdwCleaner\Quarantine\C\Documents and Settings\Ed R\Local Settings\Application Data\freeonlineradioplayerrecorder\ldrtbFree.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Ed R\Local Settings\Application Data\freeonlineradioplayerrecorder\tbFree.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Ed R\Local Settings\Application Data\freeonlineradioplayerrecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir    a variant of Win32/PriceGong.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir    Win32/Toolbar.Linkury.D potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FlvPlayer\FLVPlayer.exe.vir    Win32/InstallCore.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\freeonlineradioplayerrecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe.vir    Win32/Toolbar.Conduit.Q potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\freeonlineradioplayerrecorder\ldrtbFree.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\freeonlineradioplayerrecorder\tbFree.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debut.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Debut\debutsetup_v1.74.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Ed R\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\762c2f2d-1a963a23    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\Ed R\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\60\70cfa07c-79b4267d    Java/TrojanDownloader.Agent.NDW trojan    cleaned by deleting - quarantined
C:\WINDOWS\Installer\MSI9E.tmp-\srbs.dll    a variant of MSIL/Toolbar.Linkury.C potentially unwanted application    deleted - quarantined


#9 TheJoker (Forum Deity, Boot Camp Mod)
Posted 23 November 2014 - 08:13 AM

Since a trojan was found in your Java cache, let's clear that.

Your scan showed one or more viruses in your Sun Java Runtime Environment (JRE) cache. Delete those by clearing the JRE cache.
To clear the Java Runtime Environment (JRE) cache:

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    -The Java Control Panel appears.
  • Click Settings under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
  • Close the Java Control Panel


I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2013 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\DOCUME~1\EDR~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Folder:
c:\program files\enigma software group

end

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.


Your Java version is outdated and vulnerable.
Please go to Start > Control Panel > Programs and Features, and uninstall the following:
J2SE Runtime Environment 5.0 Update 4
Java 7 Update 51

Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here:
http://java.com/en/d...anual_java7.jsp
If you reinstall it because a program requires Java, you can increase your security by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and unchecking "Enable Java content in the browser".

That's not the most recent version of Java, but since you have Windows XP, you need to run Java Runtime Environment (JRE) version 7 rather than the most recent version 8. Windows XP is no longer supported by the most recent version of Java, and as time goes on you may find more program updates that are no longer supported under XP. The best advice for system security would be to update to Windows 7 as XP is no longer supported by Microsoft. That means that since last April, there will no longer be any security updates to fix identified vulnerabilities. Your system will remain vulnerable until XP is updated.


You can run the Windows 7 Upgrade Advisor to see if your PC is ready for Windows 7:

http://www.microsoft...ails.aspx?id=20

Please post the log from FRST (Fixlog.txt), and note any errors encountered.

How is your system running now? Any problem running AVG?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
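
Added example, not code from this thread, from FRST or from AVG: a read-only PowerShell audit that lists the Software Restriction Policy (SRP) path rules behind the "HKLM Group Policy restriction on software" lines above and flags the Disallowed rules that cover a security product's folder. It assumes the standard SRP registry layout under Safer\CodeIdentifiers; the folder list is an assumption taken from this thread (AVG and McAfee).

```powershell
# Added example; not code from the thread, from FRST or from AVG.
# Read-only audit of Software Restriction Policy (SRP) path rules. A level-0
# ("Disallowed") rule whose path covers a security product's install folder is
# what FRST reports as "HKLM Group Policy restriction on software".
# The folder list is an assumption taken from this thread (AVG, McAfee).
$SecurityFolders = @(
    'C:\Program Files\AVG',
    'C:\Program Files\McAfee',
    'C:\Documents and Settings\All Users\Application Data\McAfee'
)

# SRP stores each security level as a decimal subkey name under CodeIdentifiers.
$LevelNames = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpEnforcement {
    # Whether SRP is active at all: TransparentEnabled 0 = off, 1 = on (executables),
    # 2 = on including DLLs; DefaultLevel 262144 = allow by default, 0 = deny by default.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $base)) { return $null }
    Get-ItemProperty $base | Select-Object DefaultLevel, TransparentEnabled, PolicyScope
}

function Get-SrpPathRules {
    # One object per rule found under <hive>\...\Safer\CodeIdentifiers\<level>\Paths\{GUID};
    # the rule's target path is stored in the ItemData value.
    param([string[]]$Hives = @('HKLM', 'HKCU'))
    foreach ($hive in $Hives) {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { continue }
        foreach ($levelKey in @(Get-ChildItem $base)) {
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in @(Get-ChildItem $pathsKey)) {
                $props = Get-ItemProperty $rule.PSPath
                $level = $levelKey.PSChildName
                $levelName = 'Other'
                if ($LevelNames.ContainsKey($level)) { $levelName = $LevelNames[$level] }
                New-Object PSObject -Property @{
                    Hive        = $hive
                    Level       = $level
                    LevelName   = $levelName
                    RuleId      = $rule.PSChildName
                    Path        = [string]$props.ItemData
                    Description = [string]$props.Description
                }
            }
        }
    }
}

function Test-PathWithin {
    # True when $Child equals $Parent or lies below it (case-insensitive, trailing '\' ignored).
    param([string]$Child, [string]$Parent)
    $c = $Child.TrimEnd('\').ToLowerInvariant()
    $p = $Parent.TrimEnd('\').ToLowerInvariant()
    return ($c -eq $p) -or $c.StartsWith($p + '\')
}

function Find-BlockedSecurityFolder {
    # Disallowed rules that sit on, inside, or above one of the security folders.
    # A rule above the folder (for example the whole Program Files tree) still blocks it.
    param([object[]]$Rules, [string[]]$Folders)
    foreach ($r in $Rules) {
        if ($r.Level -ne '0' -or -not $r.Path) { continue }
        foreach ($f in $Folders) {
            if ((Test-PathWithin $r.Path $f) -or (Test-PathWithin $f $r.Path)) {
                New-Object PSObject -Property @{
                    Hive = $r.Hive; RuleId = $r.RuleId; BlockedPath = $r.Path; Covers = $f
                }
                break
            }
        }
    }
}

Get-SrpEnforcement | Format-List
$rules = @(Get-SrpPathRules)
"SRP path rules found: $($rules.Count)"
$rules | Format-Table Hive, LevelName, Path -AutoSize
Find-BlockedSecurityFolder -Rules $rules -Folders $SecurityFolders | Format-Table -AutoSize
```

The script only reads the registry; on this machine the offending rules are removed by the FRST fix in the post above, and rerunning the audit afterwards should list no Disallowed rule covering the AVG or McAfee folders.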


#10 edridgley
Posted 23 November 2014 - 08:54 AM

There was no fixlog.txt file created but there was an FRST.txt file created.  Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Ed R (administrator) on ED on 23-11-2014 09:45:43
Running from C:\Documents and Settings\Ed R\My Documents\Spyware cleanup tools
Loaded Profile: Ed R (Available profiles: Ed R)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
() C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\mf_watch.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
() C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\MFUsnMonitorService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SPEEDbit) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-08-26] (SupportSoft, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-09-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker32.exe [840624 2012-11-07] (FileOpen Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-12-08] (RealNetworks, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2013 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [uTorrent] => C:\Documents and Settings\Ed R\Application Data\uTorrent\uTorrent.exe [1385808 2014-10-30] (BitTorrent Inc.)
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\...\Run: [MediaFire Tray] => C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\mf_watch.exe [1756392 2013-11-27] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
ShortcutTarget: SketchBook Snapshot.lnk -> C:\Program Files\Autodesk\SketchBook Pro 6.2\SketchBookSnapshot.exe (Autodesk Inc)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 110 series.lnk -> C:\Program Files\HP\HP ENVY 110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Ed R\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files\MediaFire Desktop\MediaFireIcon3_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files\MediaFire Desktop\MediaFireIcon_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files\MediaFire Desktop\MediaFireIcon2_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files\MediaFire Desktop\MediaFireIcon4_90802.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files\MediaFire Desktop\MediaFireIcon5_90802.dll (TODO: <Company name>)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-682003330-1844237615-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://poems.com/
HKU\S-1-5-21-682003330-1844237615-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> {EF05E381-9F09-4F26-A9BD-F3342B5AA112} URL = http://search.yahoo....p={SearchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-682003330-1844237615-1801674531-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://teamaccess.t...SetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Winsock: Catalog9 16 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [177320] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default
FF Homepage: hxxp://poems.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Flash Video Downloader - Full HD Download - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\artur.dubovoy@gmail.com [2014-11-12]
FF Extension: Flash and Video Download - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-10-14]
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Ed R\Application Data\Mozilla\Firefox\Profiles\0mhenplt.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-07-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-19]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://poems.com/
CHR StartupUrls: Default -> "hxxp://poems.com/"
CHR Profile: C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-16]
CHR Extension: (Google Search) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-16]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Ed R\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-16]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-11-07] (FileOpen Systems Inc.)
S2 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2008-04-14] (Microsoft Corporation)
R2 MF NTFS Monitor; C:\Documents and Settings\Ed R\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [457944 2013-11-27] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)
R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [281768 2013-12-08] (SPEEDbit)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182584 2014-10-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
R2 mfmonitor; C:\WINDOWS\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-11-27] (Windows ® Win 7 DDK provider)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2012-06-22] (Corel Corporation)
S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [31848 2013-08-19] (RapidSolution Software AG)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2013-08-19] (RapidSolution Software AG)
S3 WsAudio_Device(1); C:\WINDOWS\System32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\WINDOWS\System32\drivers\VirtualAudio2.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\WINDOWS\System32\drivers\VirtualAudio3.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\WINDOWS\System32\drivers\VirtualAudio4.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\WINDOWS\System32\drivers\VirtualAudio5.sys [27496 2013-01-25] (Wondershare)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 23:56 - 2014-11-23 09:45 - 00000000 ____D () C:\FRST
2014-11-22 21:27 - 2014-11-22 21:27 - 00000000 ____D () C:\Program Files\ESET
2014-11-22 15:16 - 2014-11-22 15:16 - 00000935 _____ () C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2014-11-22 15:16 - 2014-11-22 15:16 - 00000000 ____D () C:\Program Files\Panda Security
2014-11-22 15:16 - 2014-11-22 15:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2014-11-22 14:29 - 2014-11-23 09:45 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Spyware cleanup tools
2014-11-22 13:54 - 2014-11-22 13:54 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-22 11:14 - 2014-11-22 14:34 - 00000000 ____D () C:\AdwCleaner
2014-11-19 08:53 - 2014-11-19 08:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-18 21:34 - 2014-11-18 22:15 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Bullshit
2014-11-18 20:10 - 2014-11-18 20:10 - 00001037 _____ () C:\Documents and Settings\Ed R\Desktop\Shortcut to SmartWAVConverter.exe.lnk
2014-11-15 20:02 - 2014-11-15 20:02 - 00000678 _____ () C:\Documents and Settings\Ed R\Desktop\RealTime Cookie & Cache Cleaner.lnk
2014-11-15 20:02 - 2014-11-15 20:02 - 00000000 ____D () C:\Program Files\KleinSoft
2014-11-15 20:02 - 2014-11-15 20:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RtC3
2014-11-15 11:43 - 2014-11-15 11:43 - 00001147 _____ () C:\Documents and Settings\All Users\Desktop\Free CBR To PDF Converter.lnk
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Program Files\Free Picture Solutions
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Free Picture Solutions
2014-11-15 11:43 - 2014-11-15 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free CBR To PDF Converter
2014-11-12 20:10 - 2014-11-12 20:10 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-11-12 20:10 - 2014-11-12 20:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-12 20:10 - 2014-11-12 20:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-11-12 20:04 - 2014-11-12 20:04 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-11-12 20:04 - 2014-11-12 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-11-12 20:02 - 2014-11-12 20:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-07 09:27 - 2014-11-11 08:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\SLAA
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ___RD () C:\Program Files\Skype
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-04 08:08 - 2014-11-04 08:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-11-03 00:17 - 2014-11-03 00:17 - 00000000 ___RD () C:\Documents and Settings\Ed R\My Documents\HP Photo Creations

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 09:45 - 2013-02-15 07:35 - 00000000 ____D () C:\Documents and Settings\Ed R\Local Settings\Temp
2014-11-23 09:45 - 2013-02-15 07:30 - 01681835 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 09:44 - 2013-06-28 07:27 - 00000000 ____D () C:\Program Files\Java
2014-11-23 09:25 - 2013-02-16 22:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 09:11 - 2013-09-16 01:44 - 00000488 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-11-23 08:56 - 2013-02-17 12:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-23 08:39 - 2013-07-07 12:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-23 02:24 - 2013-08-09 01:24 - 00000408 _____ () C:\WINDOWS\Tasks\At6.job
2014-11-22 22:19 - 2013-02-14 19:46 - 00000263 _____ () C:\WINDOWS\wiadebug.log
2014-11-22 22:10 - 2013-02-14 19:39 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-22 22:08 - 2013-02-15 07:28 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-22 21:40 - 2013-02-16 20:20 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\SA
2014-11-22 21:24 - 2013-02-16 14:23 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\uTorrent
2014-11-22 21:20 - 2013-12-01 13:43 - 00000000 ___HD () C:\Documents and Settings\Ed R\.mediafire
2014-11-22 21:20 - 2013-02-16 14:26 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:19 - 2013-02-16 14:26 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:19 - 2013-02-14 19:46 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-22 21:19 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-22 21:18 - 2014-04-24 23:20 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 21:18 - 2013-02-16 22:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 21:18 - 2013-02-15 07:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-22 21:17 - 2014-01-20 19:47 - 00342874 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-18-0.dat
2014-11-22 21:17 - 2013-02-17 20:28 - 00171930 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-11-22 21:17 - 2013-02-15 07:35 - 00000178 ___SH () C:\Documents and Settings\Ed R\ntuser.ini
2014-11-22 21:17 - 2013-02-15 07:33 - 00032602 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-22 20:40 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At2.job
2014-11-22 18:40 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At3.job
2014-11-22 16:05 - 2013-02-19 00:31 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-22 16:01 - 2013-02-16 14:51 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-22 14:40 - 2013-02-14 19:44 - 00669726 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-22 14:00 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At4.job
2014-11-22 11:52 - 2013-02-16 20:36 - 00002515 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Office Word 2007.lnk
2014-11-22 10:50 - 2014-09-20 14:41 - 00469768 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-11-22 10:10 - 2013-02-16 18:40 - 00000446 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-21 23:01 - 2013-02-16 17:04 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Audacity
2014-11-21 17:26 - 2013-02-16 22:09 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-21 07:32 - 2013-03-17 17:38 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\My Audiobooks
2014-11-20 23:31 - 2013-02-16 19:14 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Personal
2014-11-20 22:52 - 2013-02-17 20:11 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Writing
2014-11-20 22:27 - 2014-02-06 02:09 - 00000727 _____ () C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-11-20 22:27 - 2013-09-11 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-11-20 22:27 - 2013-08-09 01:13 - 00001446 _____ () C:\Documents and Settings\Ed R\Desktop\DivX Movies.lnk
2014-11-20 22:27 - 2013-08-09 01:09 - 00000000 ____D () C:\Program Files\DivX
2014-11-20 22:27 - 2013-08-09 01:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-11-20 22:26 - 2013-09-11 20:24 - 00000792 _____ () C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-11-20 22:13 - 2013-08-27 00:43 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Calibre Library
2014-11-19 17:08 - 2013-02-17 14:09 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-19 08:53 - 2013-07-28 09:43 - 00272606 _____ () C:\WINDOWS\setupapi.log
2014-11-19 08:53 - 2013-07-14 06:33 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2014-11-15 19:34 - 2013-02-23 20:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-14 00:27 - 2013-02-19 00:31 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-682003330-1844237615-1801674531-1003.job
2014-11-13 18:29 - 2013-08-31 12:21 - 00000000 ____D () C:\Documents and Settings\Ed R\Local Settings\Application Data\Akamai
2014-11-12 20:03 - 2013-02-16 17:00 - 00000000 ____D () C:\Program Files\iPod
2014-11-12 20:03 - 2013-02-16 16:59 - 00000000 ____D () C:\Program Files\iTunes
2014-11-12 20:02 - 2013-02-16 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-11 17:56 - 2014-04-28 21:56 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-11 17:56 - 2014-03-19 19:54 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 17:56 - 2014-03-19 19:54 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-07 15:39 - 2013-02-16 23:31 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Drawing
2014-11-04 08:14 - 2013-02-16 14:51 - 00000000 ____D () C:\Documents and Settings\Ed R\Application Data\Skype
2014-11-04 08:08 - 2014-05-18 14:41 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-11-04 08:08 - 2013-02-16 14:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-11-04 00:30 - 2013-02-08 03:37 - 00172856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2014-11-03 01:00 - 2013-12-22 10:30 - 00000000 ____D () C:\MAGICDVDCOPY_TEMP
2014-11-03 00:17 - 2013-02-16 18:40 - 00001742 _____ () C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
2014-11-03 00:17 - 2013-02-16 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP Photo Creations
2014-10-30 22:53 - 2013-05-16 06:19 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Miscellaneous
2014-10-30 16:55 - 2014-06-15 22:09 - 00000000 ____D () C:\Documents and Settings\Ed R\.gimp-2.8
2014-10-30 16:53 - 2014-06-15 22:04 - 00002319 _____ () C:\Documents and Settings\All Users\Desktop\GimpShop.lnk
2014-10-27 22:44 - 2013-02-15 22:14 - 00093184 _____ () C:\Documents and Settings\Ed R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 19:03 - 2013-12-04 23:08 - 00000000 ____D () C:\Documents and Settings\Ed R\My Documents\Shakespeare

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At6.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#11 edridgley

edridgley

    Member

  • Full Member
  • 12 posts

Posted 23 November 2014 - 08:57 AM

My bad.  I clicked on Scan instead of Fix.  I will re-do that and post the fixlog in the next reply.



#12 edridgley

edridgley

    Member

  • Full Member
  • 12 posts

Posted 23 November 2014 - 09:00 AM

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Ed R at 2014-11-23 10:00:44 Run:1
Running from C:\Documents and Settings\Ed R\My Documents\Downloads
Loaded Profile: Ed R (Available profiles: Ed R)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2013 <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\DOCUME~1\EDR~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Folder:
c:\program files\enigma software group

end
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found] => not found.
esgiguard => Service deleted successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\WINDOWS\Tasks\At3.job => Moved successfully.
C:\WINDOWS\Tasks\At4.job => Moved successfully.
C:\WINDOWS\Tasks\At6.job => Moved successfully.

========================= Folder: ========================

Directory Not Found
c:\program files\enigma software group => Moved successfully.

==== End of Fixlog ====
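The five "HKLM Group Policy restriction on software" entries that FRST removed in the fixlog above are Software Restriction Policy (SRP) path rules. They live under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, grouped by security level (subkey 0 is Disallowed, 131072 is Basic User, 262144 is Unrestricted), and a Disallowed rule on a directory stops anything beneath it from executing, which is why AVG and the McAfee components could not start. The script below is an added example, not part of this thread and not FRST's own code: it parses a constructed .reg export of that key (the rule GUIDs are placeholders) and flags Disallowed rules that point at security-product directories, a check a responder can run offline against an exported hive. The vendor watch list is an assumption built from the products named in the log.

```python
"""
Audit Software Restriction Policy (SRP) path rules from a .reg export.

Added example (not from the thread or from FRST). It assumes the SRP registry
layout: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\
<level>\\Paths\\<guid>, where <level> is 0 (Disallowed), 131072 (Basic User) or
262144 (Unrestricted) and each rule key holds an "ItemData" string with the path.
The sample export below is constructed; the GUIDs are placeholders.
"""
import re

# SRP security levels, keyed by the subkey name they are stored under.
LEVELS = {"0": "Disallowed", "131072": "Basic User", "262144": "Unrestricted"}

# Security products a defender would not expect in a Disallowed rule
# (constructed watch list; AVG and McAfee are the vendors hit in the thread).
WATCHED_VENDORS = ("avg", "mcafee", "eset")

# Constructed .reg export: two Disallowed rules aimed at AV directories plus
# the normal Unrestricted rule for the Windows directory.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-0000-0000-0000-000000000001}]
"ItemData"="C:\\Program Files\\AVG"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-0000-0000-0000-000000000002}]
"ItemData"="C:\\Program Files\\McAfee"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{11111111-0000-0000-0000-000000000003}]
"ItemData"="%HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot%"
"SaferFlags"=dword:00000000
'''

# Matches a rule key line and captures the level subkey and the rule GUID.
RULE_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer\\"
    r"CodeIdentifiers\\(\d+)\\Paths\\(\{[0-9A-Fa-f-]+\})\]$")
# Matches a REG_SZ value line of the form "Name"="value".
STRING_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


def _unescape(s):
    """Undo .reg string escaping (doubled backslashes and escaped quotes)."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_srp_path_rules(reg_text):
    """Return a list of (level_name, path) for every SRP path rule in the export."""
    rules = []
    current_level = None  # level of the rule key we are currently inside, if any
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = RULE_KEY.match(line)
            current_level = (LEVELS.get(m.group(1), "level " + m.group(1))
                             if m else None)
            continue
        if current_level is None:
            continue
        m = STRING_VALUE.match(line)
        if m and m.group(1) == "ItemData":
            rules.append((current_level, _unescape(m.group(2))))
    return rules


def blocked_security_products(rules, vendors=WATCHED_VENDORS):
    """Paths under a Disallowed rule that point at a watched security product."""
    hits = []
    for level, path in rules:
        if level != "Disallowed":
            continue
        lowered = path.lower()
        if any(v in lowered for v in vendors):
            hits.append(path)
    return hits


if __name__ == "__main__":
    found = parse_srp_path_rules(SAMPLE_REG_EXPORT)
    for level, path in found:
        print(f"{level:12} {path}")
    for path in blocked_security_products(found):
        print("ATTENTION: security product blocked by SRP path rule:", path)
```

On a live machine the same key can be exported with reg.exe (`reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" srp.reg`) and fed to parse_srp_path_rules; a Disallowed rule on an antivirus or update directory is a strong sign that the policy was planted rather than set by an administrator.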



#13 edridgley

edridgley

    Member

  • Full Member
  • 12 posts

Posted 23 November 2014 - 09:03 AM

And AVG is running again.  Thank you!  I appreciate your help and patience.



#14 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,388 posts

Posted 23 November 2014 - 09:58 AM

Excellent. :)

 

Now it's time to do some cleanup of the tools used.

 

You can now delete the following tools and any logs they created:
DDS
Security Check

TFC
AdwCleaner (run the program and click Uninstall)
Farbar Recovery Scan Tool (and delete the folder C:\FRST)

 

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Personal Software Inspector (PSI) (be sure to UNcheck the box so you don't sign up for e-mail) or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

 

Does your problem appear resolved?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#15 edridgley

edridgley

    Member

  • Full Member
  • 12 posts

Posted 23 November 2014 - 10:44 AM

Yes, the problem has been resolved.  Thank you very much!  I appreciate your extensive help and advice.



#16 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,388 posts

Posted 23 November 2014 - 10:32 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
