Solved Infected with My Search Dial

Discussion in 'Malware and Virus Removal Archive' started by diego1, 2014/08/16.

  1. 2014/08/16
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    [Solved] Infected with My Search Dial

    Hi,

    I've discovered my Dell Inspiron B120 with OS Windows XP is infected with the My Search Dial virus. I normally use Mozilla Firefox so I didn't realize it is a virus, but I noticed when I open Internet Explorer that it has the My Search Dial Tool Bar; and every so often, I receive a message from AVG Anti Virus that My Search Dial attempts to create my home page. I do recall a while back I did go into Add/Remove and deleted My Search Dial, but it apparently was not deleted. My system has become very slow to boot and to start Mozilla Firefox, and it hangs in many instances. Can you help?

    Thanks
    Jaime
     
  2. 2014/08/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387

  4. 2014/08/17
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/16/2014
    Scan Time: 11:33:21 PM
    Logfile: MBAM Scan 8-16-14.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.16.08
    Rootkit Database: v2014.08.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: JJSR

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 318419
    Time Elapsed: 1 hr, 0 min, 10 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  5. 2014/08/17
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    DDS - Notepad Log

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.67.2
    Run by JJSR at 0:52:44 on 2014-08-17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.326 [GMT -4:00]
    .
    AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AOMEI Backupper\ABService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\AOL\DataMask by AOL\epservice.exe
    C:\Program Files\AOL\DataMask by AOL\ep.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AOL\DataMask by AOL\pl.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\AOL\DataMask by AOL\dps.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Documents and Settings\JJSR\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Documents and Settings\JJSR\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uProxyOverride = <local>;*.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\aol\datamask by aol\epbho32.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\aol\datamask by aol\plbho32.dll
    BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
    uRun: [Zoner Photo Studio Autoupdate] c:\program files\zoner\photo studio 15\program32\ZPSTRAY.EXE
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
    uRun: [Akamai NetSession Interface] "c:\documents and settings\jjsr\local settings\application data\akamai\netsession_win.exe "
    uRun: [DellSystemDetect] c:\documents and settings\jjsr\local settings\apps\2.0\clr5pmjj.0xt\x6ey6xyz.rjz\dell..tion_0f612f649c4a10af_0005.0008_b3168e842b9276ec\DellSystemDetect.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [PhishLock] "c:\program files\aol\datamask by aol\pl.exe "
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
    mRun: [Data Protection Suite] "c:\program files\aol\datamask by aol\dps.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [BoxSync] "c:\program files\box\box sync\BoxSync.exe" -m
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: TaskbarNoNotification = dword:1
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: TaskbarNoNotification = dword:1
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: EnableLUA = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371616572062
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1371881050765
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1 208.59.247.45 208.59.247.46
    TCP: Interfaces\{BD61E058-4499-4FC2-9C56-2FE89A1F644F} : DHCPNameServer = 192.168.1.1 208.59.247.45 208.59.247.46
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jjsr\application data\mozilla\firefox\profiles\ha5p65ah.default-1398151615984\
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
    FF - plugin: c:\documents and settings\jjsr\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\npMSDM.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_179.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2014-3-12 26424]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 147736]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 241944]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 98584]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27416]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 121624]
    R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 190232]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 188696]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 197400]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-19 37664]
    R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2014-3-12 129720]
    R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2014-3-12 14392]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-8-11 3244048]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-8-11 289328]
    R2 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\aomei backupper\ABService.exe [2014-3-12 29912]
    R2 BjsPort;Canon BJ Scanner Port Driver;c:\windows\system32\drivers\BjsPort.sys [2013-8-7 14656]
    R2 EntryProtect;DataMask by AOL;c:\program files\aol\datamask by aol\epservice.exe [2013-4-30 45872]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-8-23 238952]
    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-11-15 137528]
    R3 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2014-1-21 585728]
    R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2013-11-21 23824]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-8-23 36608]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-28 110296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-11-19 2152736]
    S2 sbupdate;AOL Update Service (sbupdate);c:\program files\sentrybay\update\SentryBayUpdate.exe [2013-11-21 129904]
    S3 ampa;ampa;c:\windows\system32\ampa.sys [2014-3-12 12656]
    S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2014-1-13 21504]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2013-10-1 43024]
    S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2013-10-1 77104]
    S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2013-10-1 60816]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2013-8-23 98560]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2013-8-23 14848]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2013-8-23 123648]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
    FileExt: .vbs: VBSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
    FileExt: .js: JSFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
    FileExt: .jse: JSEFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
    FileExt: .wsf: WSFFile=c:\windows\system32\CScript.exe "%1" %* [default=Open2]
    .
    =============== Created Last 30 ================
    .
    2014-08-17 02:24:28 889416 ----a-w- C:\dotNetFx40_Full_setup.exe
    2014-08-16 20:00:06 -------- d-----w- c:\documents and settings\jjsr\application data\DriverCure
    2014-08-16 20:00:02 -------- d-----w- c:\documents and settings\jjsr\application data\PC Utility Kit
    2014-08-16 19:59:17 -------- d-----w- c:\program files\common files\PC Utility Kit
    2014-08-16 19:59:05 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit
    2014-08-13 04:20:33 -------- d-----w- c:\program files\Enigma Software Group
    2014-08-13 04:17:36 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
    2014-08-13 04:16:18 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2014-08-08 04:53:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
    2014-08-08 04:53:15 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-08-07 04:44:00 -------- d-----w- c:\documents and settings\jjsr\application data\OpenOffice
    2014-08-07 04:24:36 -------- d-----w- c:\program files\OpenOffice 4
    2014-08-05 17:20:22 227728 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2014-08-05 17:20:22 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2014-07-30 04:27:59 92784 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
    2014-07-30 04:27:59 401008 ----a-w- c:\program files\mozilla firefox\nssckbi.dll
    2014-07-30 04:27:59 1802864 ----a-w- c:\program files\mozilla firefox\nss3.dll
    2014-07-30 04:27:49 897648 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2014-07-30 04:27:49 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2014-07-30 04:27:49 277616 ----a-w- c:\program files\mozilla firefox\updater.exe
    2014-07-30 04:27:49 18544 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
    2014-07-30 04:27:49 150128 ----a-w- c:\program files\mozilla firefox\softokn3.dll
    2014-07-30 04:27:48 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2014-07-30 04:27:48 91032 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2014-07-30 04:26:48 24405104 ----a-w- c:\program files\mozilla firefox\xul.dll
    2014-07-30 04:26:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2014-07-30 04:26:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2014-07-30 04:26:47 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2014-07-30 04:26:47 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2014-07-30 04:26:47 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2014-08-17 03:32:34 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-17 01:25:44 56 --sh--r- c:\windows\system32\ADE841FF11.sys
    2014-08-17 01:25:44 1994 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2014-08-13 22:47:44 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-08-13 22:47:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-08-05 13:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-07-08 19:40:04 5659136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2014-06-30 16:43:12 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2014-06-25 21:17:47 23824 ----a-w- c:\windows\system32\drivers\epfilter.sys
    2014-06-17 20:22:02 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-06-17 20:21:22 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-06-17 20:18:00 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-06-17 20:17:58 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-06-17 20:17:56 190232 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
    2014-06-17 20:06:22 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2014-06-17 20:06:20 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2014-05-22 03:37:43 0 ----a-w- C:\WindowsDefender.msi
    .
    ============= FINISH: 0:54:41.31 ===============
     
  6. 2014/08/17
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    Attach - Notepad Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/18/2013 9:02:00 PM
    System Uptime: 8/16/2014 9:03:14 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0KD941
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 125.375 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 7/8/2014 12:04:10 AM - System Checkpoint
    RP2: 7/9/2014 12:49:18 AM - System Checkpoint
    RP3: 7/29/2014 11:19:38 PM - Installed Java 7 Update 65
    RP4: 7/30/2014 12:24:36 PM - Software Distribution Service 3.0
    RP5: 7/31/2014 4:52:24 PM - System Checkpoint
    RP6: 7/31/2014 6:04:46 PM - Installed AVG 2014
    RP7: 7/31/2014 6:17:44 PM - Removed AVG 2014
    RP8: 8/2/2014 12:07:27 AM - System Checkpoint
    RP9: 8/4/2014 2:12:58 AM - System Checkpoint
    RP10: 8/5/2014 8:56:18 PM - System Checkpoint
    RP11: 8/6/2014 9:27:39 PM - System Checkpoint
    RP12: 8/7/2014 12:24:27 AM - Installed OpenOffice 4.1.0
    RP13: 8/8/2014 12:48:22 AM - Removed Java 7 Update 25
    RP14: 8/8/2014 12:50:30 AM - Installed Java 7 Update 67
    RP15: 8/10/2014 11:30:41 PM - System Checkpoint
    RP16: 8/12/2014 1:47:01 PM - System Checkpoint
    RP17: 8/12/2014 10:50:12 PM - pre-uninstall defrag 3
    RP18: 8/12/2014 11:04:11 PM - Removed IObit Apps Toolbar v8.9.
    RP19: 8/12/2014 11:13:05 PM - Removed IObit Apps Toolbar v8.9.
    RP20: 8/13/2014 12:20:26 AM - Installed SpyHunter
    RP21: 8/14/2014 11:43:30 PM - Software Distribution Service 3.0
    RP22: 8/15/2014 2:35:07 PM - Removed SpyHunter
    .
    ==== Installed Programs ======================
    .
    Adblock Plus for IE
    Adblock Plus for IE (32-bit)
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader XI (11.0.08)
    Adobe Shockwave Player 11.6
    Akamai NetSession Interface
    AOMEI Backupper
    AOMEI Partition Assistant Pro Edition 5.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2014
    BitPim 1.0.7
    BJC-85
    BlackBerry Desktop Software 7.1
    BlackBerry Device Software Updater
    BlackBerry World Browser Plugin
    BlueSoleil
    Bonjour
    Box Sync
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs
    CCleaner
    Cisco WebEx Meetings
    Conexant HDA D110 MDC V.92 Modem
    DataMask by AOL
    Dell ResourceCD
    Dell System Detect
    Dell Wireless WLAN Card
    Digital Line Detect
    DivX Setup
    DVD Firmwares and Drivers 1.1.0.0
    Google Chrome
    Google Earth
    Google Update Helper
    Google+ Auto Backup
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    IObit Apps Toolbar v8.9
    IS Scan 2
    iTunes
    Java 7 Update 67
    Java Auto Updater
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Download Manager
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Motorola Device Manager
    Motorola Device Software Update
    Motorola Mobile Drivers Installation 6.3.0
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 6.0 Parser (KB933579)
    My Dell
    OpenOffice 4.1.0
    Picasa 3
    PowerDVD 5.9
    QuickSet
    QuickTime 7
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    SentryBay Update Helper
    SigmaTel Audio
    Sonic DLA
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    TSX Core
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    Visual Studio 2012 x86 Redistributables
    WD Diagnostics
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR 4.20 (32-bit)
    WordPerfect Office 12
    Zoner Photo Studio 15
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/15/2014 5:32:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DataMask by AOL service to connect.
    8/15/2014 5:32:17 PM, error: Service Control Manager [7000] - The DataMask by AOL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2014 1:58:37 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2014 1:58:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/15/2014 1:51:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/14/2014 11:43:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    8/14/2014 11:43:55 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/14/2014 11:43:27 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    8/13/2014 6:22:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Blackberry Device Manager service to connect.
    8/13/2014 6:22:56 PM, error: Service Control Manager [7000] - The Blackberry Device Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/13/2014 6:22:55 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BlackBerry Device Manager with arguments " " in order to run the server: {BA3D0120-E617-4F66-ADCA-585CC2FB86DB}
    8/12/2014 6:33:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942403
    8/12/2014 11:04:15 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    8/12/2014 10:57:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
    8/12/2014 10:39:39 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    8/12/2014 1:21:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
    8/12/2014 1:21:12 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/10/2014 10:39:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOMEI Backupper Scheduler Service service to connect.
    8/10/2014 10:39:49 PM, error: Service Control Manager [7000] - The AOMEI Backupper Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  7. 2014/08/17
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  8. 2014/08/17
    diego1

    diego1 Well-Known Member Thread Starter

    RK Report

    RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : JJSR [Admin rights]
    Mode : Remove -- Date : 08/17/2014 20:49:34

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [PUM.Https] HKEY_USERS\S-1-5-21-1085031214-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD61E058-4499-4FC2-9C56-2FE89A1F644F} | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BD61E058-4499-4FC2-9C56-2FE89A1F644F} | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BD61E058-4499-4FC2-9C56-2FE89A1F644F} | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{BD61E058-4499-4FC2-9C56-2FE89A1F644F} | DhcpNameServer : 192.168.1.1 208.59.247.45 208.59.247.46 -> NOT SELECTED
    [PUM.Policies] HKEY_USERS\S-1-5-21-1085031214-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
    [PUM.Desktop] HKEY_USERS\S-1-5-21-1085031214-1035525444-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NOT SELECTED
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1085031214-1035525444-725345543-1004\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [Suspicious.Path] At2.job -- C:\DOCUME~1\JJSR\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 3 (Driver: LOADED) ¤¤¤
    [SSDT:Addr(Hook.SSDT)] NtQueryValueKey[177] : C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xba1891d6
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\drvmcdb @ Unknown (drvmcdb.sys)
    [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\sscdbhk5 @ Unknown (\SystemRoot\system32\drivers\sscdbhk5.sys)

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] ha5p65ah.default-1398151615984 : user_pref("browser.startup.homepage", "http://www.aol.com/"); -> NOT SELECTED

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM160HC +++++
    --- User ---
    [MBR] 8116c0693af724dc9182b50e723ebfc2
    [BSP] 578701cc071186d8e69ec18fe6e500a8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_08172014_204422.log
     
  9. 2014/08/17
    broni

    broni Moderator Malware Analyst

    Go on...
     
  10. 2014/08/17
    diego1

    diego1 Well-Known Member Thread Starter

    mbar-log-2014-08-17

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.18.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    JJSR :: JJSR-02EC1F576A [administrator]

    8/17/2014 11:07:55 PM
    mbar-log-2014-08-17 (23-07-55).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 320157
    Time elapsed: 1 hour(s), 21 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  11. 2014/08/18
    diego1

    diego1 Well-Known Member Thread Starter

    system-log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 0.798000 GHz
    Memory total: 1601564672, free: 454324224

    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 0.798000 GHz
    Memory total: 1601564672, free: 318111744

    Downloaded database version: v2014.08.18.01
    Downloaded database version: v2014.08.16.01
    Initializing...
    =======================================
    ------------ Kernel report ------------
    08/17/2014 23:06:46
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    cercsr6.sys
    \WINDOWS\System32\Drivers\SCSIPORT.SYS
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    drvmcdb.sys
    PxHelp20.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    BTHidMgr.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    ambakdrv.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igxpmp32.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\bcmwl5.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \??\C:\WINDOWS\system32\drivers\epfilter.sys
    \??\C:\WINDOWS\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\wdf01000.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\drivers\sscdbhk5.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\System32\Drivers\VcommMgr.sys
    \SystemRoot\system32\DRIVERS\vbtenum.sys
    \SystemRoot\system32\DRIVERS\blueletaudio.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\System32\Drivers\RootMdm.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\btnetdrv.sys
    \SystemRoot\system32\DRIVERS\RimSerial.sys
    \SystemRoot\system32\DRIVERS\VComm.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\sthda.sys
    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\drivers\ssrtln.sys
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverlx.sys
    \SystemRoot\system32\DRIVERS\avgdiskx.sys
    \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\igxpgd32.dll
    \SystemRoot\System32\igxprd32.dll
    \SystemRoot\System32\igxpdv32.DLL
    \SystemRoot\System32\igxpdx32.DLL
    \SystemRoot\system32\drivers\drvnddm.sys
    \SystemRoot\system32\dla\tfsndres.sys
    \SystemRoot\system32\dla\tfsnifs.sys
    \SystemRoot\system32\dla\tfsnopio.sys
    \SystemRoot\system32\dla\tfsnpool.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\dla\tfsnboio.sys
    \SystemRoot\system32\dla\tfsncofs.sys
    \SystemRoot\system32\dla\tfsndrct.sys
    \SystemRoot\system32\dla\tfsnudf.sys
    \SystemRoot\system32\dla\tfsnudfa.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \??\C:\WINDOWS\system32\ammntdrv.sys
    \??\C:\WINDOWS\system32\amwrtdrv.sys
    \??\C:\WINDOWS\system32\drivers\BjsPort.SYS
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \??\C:\Program Files\AOL\DataMask by AOL\epinject32.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8a6feab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
    Lower Device Object: 0xffffffff8a7cf940
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8a6feab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8a732b48, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8a6feab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8a7cf940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 16DB16DA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 312560577
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
    Done!
    File "c:\documents and settings\all users\application data\avg2014\chjw\20ac431fac42eeba.dat:0e05c41b-78ac-4705-adfa-bd327e69d675" is sparse (flags = 32768)
    File "c:\windows\system32\config\systemprofile\local settings\application data\avg2014\log\avg-62aae810-6560-485b-b65c-a2374a73944a.tmp" is compressed (flags = 1)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
    Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  12. 2014/08/18
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. 2014/08/19
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    Combofix Re

    Hi Broni,

    I downloaded Combofix and ran it, but cannot locate the Combofix report. As per your instructions, I disabled the Firewall and uninstalled the AVG Anti-virus. It installed the recovery console and created a restore point. It ran, completing 50+ sections, then rebooted. Other than receiving a message to install the recovery console, creating a restore point and completion of the program, I didn't receive any other messages. I ran a system search for "C:\Combofix.txt" with no results. I enabled my firewall and reinstalled AVG Anti-Virus since.

    Should I run Combofix again?
     
  14. 2014/08/19
    broni

    broni Moderator Malware Analyst

    No.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  15. 2014/08/19
    diego1

    diego1 Well-Known Member Thread Starter

    AdwCleaner

    # AdwCleaner v3.307 - Report created 19/08/2014 at 21:03:28
    # Updated 17/08/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : JJSR - JJSR-02EC1F576A
    # Running from : C:\Documents and Settings\JJSR\Desktop\adwcleaner_3.307.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\Uninstaller
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\Documents and Settings\JJSR\Application Data\DriverCure
    Folder Deleted : C:\Documents and Settings\JJSR\Application Data\Mozilla\Firefox\Profiles\vkyzow4o.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Documents and Settings\JJSR\Application Data\Mozilla\Firefox\Profiles\vkyzow4o.default\Extensions\staged\ffxtlbr@mysearchdial.com
    [!] Folder Deleted : C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaainelhcgoinheohbeolppeofibjlh

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Codec Pack Packages
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vl249pm.default\prefs.js ]


    [ File : C:\Documents and Settings\JJSR\Application Data\Mozilla\Firefox\Profiles\ha5p65ah.default-1398151615984\prefs.js ]


    [ File : C:\Documents and Settings\JJSR\Application Data\Mozilla\Firefox\Profiles\vkyzow4o.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    *************************

    AdwCleaner[R0].txt - [12908 octets] - [24/03/2014 22:25:14]
    AdwCleaner[R1].txt - [3107 octets] - [19/08/2014 20:49:30]
    AdwCleaner[R2].txt - [3167 octets] - [19/08/2014 20:58:55]
    AdwCleaner[S0].txt - [12757 octets] - [24/03/2014 22:27:46]
    AdwCleaner[S1].txt - [3136 octets] - [19/08/2014 21:03:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3196 octets] ##########
     
  16. 2014/08/19
    diego1

    diego1 Well-Known Member Thread Starter

    JRT Report

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Microsoft Windows XP x86
    Ran by JJSR on Tue 08/19/2014 at 21:45:32.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
    Successfully deleted: [Folder] "C:\Documents and Settings\JJSR\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Program Files\ezlyrics"
    Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted the following from C:\Documents and Settings\JJSR\Application Data\mozilla\firefox\profiles\ha5p65ah.default-1398151615984\prefs.js

    user_pref("services.sync.forms.syncID", "O-V9Y9Rk3_wZ");





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 08/19/2014 at 22:16:08.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. 2014/08/19
    diego1

    diego1 Well-Known Member Thread Starter

    FRST Report

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-08-2014
    Ran by JJSR (administrator) on JJSR-02EC1F576A on 19-08-2014 23:01:54
    Running from C:\Documents and Settings\JJSR\Desktop
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    (AOL) C:\Program Files\AOL\DataMask by AOL\epservice.exe
    (AOL) C:\Program Files\AOL\DataMask by AOL\ep.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (AOL) C:\Program Files\AOL\DataMask by AOL\pl.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    (Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
    () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    (AOL) C:\Program Files\AOL\DataMask by AOL\dps.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    (Akamai Technologies, Inc.) C:\Documents and Settings\JJSR\Local Settings\Application Data\Akamai\netsession_win.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Akamai Technologies, Inc.) C:\Documents and Settings\JJSR\Local Settings\Application Data\Akamai\netsession_win.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
    HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [PhishLock] => C:\Program Files\AOL\DataMask by AOL\pl.exe [801584 2014-06-24] (AOL)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)
    HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2006-04-06] (CyberLink Corp.)
    HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [122941 2005-05-31] (Sonic Solutions)
    HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
    HKLM\...\Run: [Data Protection Suite] => C:\Program Files\AOL\DataMask by AOL\dps.exe [1317168 2014-06-24] (AOL)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1347584 2006-01-16] (Dell Inc.)
    HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [12289520 2014-04-14] (Box, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\.DEFAULT\...\Run: [Advanced SystemCare 6] => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
    HKU\.DEFAULT\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [781824 2014-04-29] (ZONER software)
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\JJSR\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Run: [DellSystemDetect] => C:\Documents and Settings\JJSR\Local Settings\Apps\2.0\CLR5PMJJ.0XT\X6EY6XYZ.RJZ\dell..tion_0f612f649c4a10af_0005.0008_b3168e842b9276ec\DellSystemDetect.exe [262720 2014-05-30] (Dell)
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Policies\Explorer: [TaskbarNoNotification] 1
    HKU\S-1-5-21-1085031214-1035525444-725345543-1004\...\Policies\Explorer: [HideSCAHealth] 1
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    BHO: DataMask by AOL -> {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} -> C:\Program Files\AOL\DataMask by AOL\epbho32.dll (AOL)
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: DataMask by AOL -> {ff507020-a257-4527-a222-b6f5732e55ee} -> C:\Program Files\AOL\DataMask by AOL\plbho32.dll (AOL)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
    Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1371616572062
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1371881050765
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 208.59.247.45 208.59.247.46

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\JJSR\Application Data\Mozilla\Firefox\Profiles\ha5p65ah.default-1398151615984
    FF Homepage: hxxp://www.aol.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\JJSR\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\JJSR\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-06-21]
    FF HKLM\...\Firefox\Extensions: [sss@sentrybay.com] - C:\Program Files\AOL\DataMask by AOL\ffext
    FF Extension: DataMask by AOL - C:\Program Files\AOL\DataMask by AOL\ffext [2013-11-21]

    Chrome:
    =======
    CHR Extension: (Docs) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-23]
    CHR Extension: (Google Drive) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-23]
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-02-25]
    CHR Extension: (YouTube) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-23]
    CHR Extension: (Google Search) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-23]
    CHR Extension: (DataMask by AOL) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kochbcmingebnmbcpbbpfpmipakoipge [2013-11-22]
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-11]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
    CHR Extension: (Gmail) - C:\Documents and Settings\JJSR\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-23]
    CHR HKLM\...\Chrome\Extension: [jfcbnjcmfbnplpojfdkfajamgpocofdh] - C:\Program Files\AOL\DataMask by AOL\phishlock.crx [2013-04-30]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
    S2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
    R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
    S3 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [110592 2005-04-06] () [File not signed]
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [21504 2014-01-13] (Box Inc.) [File not signed]
    R2 EntryProtect; C:\Program Files\AOL\DataMask by AOL\epservice.exe [45872 2014-06-24] (AOL)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-08] (Oracle Corporation)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
    R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S2 sbupdate; C:\Program Files\SentryBay\Update\SentryBayUpdate.exe [129904 2014-02-01] (AOL)
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2006-01-16] (Dell Inc.) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
    R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
    S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-11-29] ()
    R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
    R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-19] (AVG Technologies)
    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2006-01-16] (Broadcom Corporation)
    R2 BjsPort; C:\WINDOWS\system32\drivers\BjsPort.SYS [14656 1999-09-27] () [File not signed]
    R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation) [File not signed]
    R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed]
    S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) [File not signed]
    R3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () [File not signed]
    R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation) [File not signed]
    S3 BTNetFilter; C:\WINDOWS\system32\drivers\BTNetFilter.sys [13304 2004-12-16] () [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    S1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
    S1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
    S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
    S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
    R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
    R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
    R3 epfilter; C:\WINDOWS\system32\drivers\epfilter.sys [23824 2014-06-25] (SentryBay)
    R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
    S3 lgatbus; C:\WINDOWS\System32\DRIVERS\lgatbus.sys [43024 2002-10-15] (MCCI) [File not signed]
    S3 lgatmdm; C:\WINDOWS\System32\DRIVERS\lgatmdm.sys [77104 2002-10-15] (MCCI) [File not signed]
    S3 lgatserd; C:\WINDOWS\System32\DRIVERS\lgatserd.sys [60816 2002-10-15] (MCCI) [File not signed]
    S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [31048 2014-01-31] (Intel Corporation )
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
    S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
    R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
    S3 sscebus; C:\WINDOWS\System32\DRIVERS\sscebus.sys [98560 2010-04-26] (MCCI Corporation)
    S3 sscemdfl; C:\WINDOWS\System32\DRIVERS\sscemdfl.sys [14848 2010-04-26] (MCCI Corporation)
    S3 sscemdm; C:\WINDOWS\System32\DRIVERS\sscemdm.sys [123648 2010-04-26] (MCCI Corporation)
    R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
    S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25984 2012-09-17] (The OpenVPN Project) [File not signed]
    R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
    R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
    R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) [File not signed]
    R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) [File not signed]
    S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
    S3 catchme; \??\C:\DOCUME~1\JJSR\LOCALS~1\Temp\catchme.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    U4 RemoteRegistry;
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    U3 TlntSvr;
    S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 22:40 - 2014-08-19 23:00 - 00018179 _____ () C:\Documents and Settings\JJSR\Desktop\Addition.txt
    2014-08-19 22:36 - 2014-08-19 23:02 - 00024714 _____ () C:\Documents and Settings\JJSR\Desktop\FRST.txt
    2014-08-19 22:35 - 2014-08-19 23:01 - 00000000 ____D () C:\FRST
    2014-08-19 22:31 - 2014-08-19 22:31 - 01093632 _____ (Farbar) C:\Documents and Settings\JJSR\Desktop\FRST.exe
    2014-08-19 22:16 - 2014-08-19 22:16 - 00001167 _____ () C:\Documents and Settings\JJSR\Desktop\JRT.txt
    2014-08-19 21:44 - 2014-08-19 21:44 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-08-19 21:41 - 2014-08-19 21:41 - 01016261 _____ (Thisisu) C:\Documents and Settings\JJSR\Desktop\JRT.exe
    2014-08-19 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
    2014-08-19 20:56 - 2014-08-19 20:57 - 01361671 _____ () C:\Documents and Settings\JJSR\Desktop\adwcleaner_3.307.exe
    2014-08-19 00:30 - 2014-08-19 00:30 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    2014-08-18 23:54 - 2014-08-18 23:53 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081814-01.dmp
    2014-08-18 23:28 - 2014-08-18 23:28 - 00000000 _RSHD () C:\cmdcons
    2014-08-18 23:28 - 2014-07-07 23:47 - 00000211 _____ () C:\Boot.bak
    2014-08-18 23:28 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-08-18 23:22 - 2014-08-18 23:52 - 00000000 ___SD () C:\ComboFix
    2014-08-18 23:22 - 2014-08-18 23:22 - 00000000 ____D () C:\Qoobox
    2014-08-18 23:22 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-08-18 23:22 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-08-18 23:22 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-08-18 23:22 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-08-18 21:05 - 2014-08-18 21:06 - 05572035 ____R (Swearware) C:\Documents and Settings\JJSR\Desktop\ComboFix.exe
    2014-08-17 21:38 - 2014-08-18 00:30 - 00000000 ____D () C:\Documents and Settings\JJSR\Desktop\mbar
    2014-08-17 21:23 - 2014-08-17 21:24 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\JJSR\Desktop\mbar-1.07.0.1012.exe
    2014-08-17 21:05 - 2014-08-17 21:05 - 00003932 _____ () C:\Documents and Settings\JJSR\Desktop\RKreport_DEL_08172014_204934.log
    2014-08-17 20:22 - 2014-08-17 20:22 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-08-17 20:22 - 2014-08-17 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-08-17 03:52 - 2014-08-17 03:52 - 00000000 ____D () C:\Documents and Settings\JJSR\Local Settings\Application Data\Adobe
    2014-08-17 00:59 - 2014-08-17 00:59 - 00011326 _____ () C:\Documents and Settings\JJSR\My Documents\attach.txt
    2014-08-17 00:54 - 2014-08-17 00:54 - 00018205 _____ () C:\Documents and Settings\JJSR\Desktop\dds.txt
    2014-08-17 00:54 - 2014-08-17 00:54 - 00011326 _____ () C:\Documents and Settings\JJSR\Desktop\attach.txt
    2014-08-17 00:43 - 2014-08-17 00:43 - 00001073 _____ () C:\Documents and Settings\JJSR\Desktop\MBAM Scan 8-16-14.txt
    2014-08-16 22:24 - 2014-08-16 22:24 - 00889416 _____ (Microsoft Corporation) C:\dotNetFx40_Full_setup.exe
    2014-08-16 16:00 - 2014-08-16 16:00 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\PC Utility Kit
    2014-08-16 15:59 - 2014-08-16 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PC Utility Kit
    2014-08-16 15:59 - 2014-08-16 15:59 - 00000000 ____D () C:\Program Files\Common Files\PC Utility Kit
    2014-08-13 13:50 - 2014-08-13 13:50 - 02359350 _____ () C:\Documents and Settings\JJSR\Desktop\SpyHunter.bmp
    2014-08-13 00:20 - 2014-08-13 00:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-08-13 00:17 - 2014-08-15 14:34 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
    2014-08-13 00:16 - 2014-08-13 00:16 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
    2014-08-08 00:54 - 2014-08-08 00:54 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-08 00:53 - 2014-08-08 00:51 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-08-08 00:53 - 2014-08-08 00:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-08-08 00:53 - 2014-08-08 00:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-08-08 00:53 - 2014-08-08 00:51 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-08-08 00:53 - 2014-08-08 00:51 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-08-07 00:44 - 2014-08-07 00:44 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\OpenOffice
    2014-08-07 00:30 - 2014-08-07 00:36 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.1.0
    2014-08-07 00:30 - 2014-08-07 00:30 - 00000877 _____ () C:\Documents and Settings\All Users\Desktop\OpenOffice 4.1.0.lnk
    2014-08-07 00:24 - 2014-08-07 00:26 - 00000000 ____D () C:\Program Files\OpenOffice 4
    2014-08-07 00:10 - 2014-08-07 00:12 - 00000000 ____D () C:\Documents and Settings\JJSR\Desktop\OpenOffice 4.1.0 (en-GB) Installation Files
    2014-08-04 14:41 - 2014-08-04 14:41 - 02359350 _____ () C:\Documents and Settings\JJSR\Desktop\Toshiba TV 40L2200U Power Supply LED Driver F SP121-3fS01, Pk101v3310i.htm
    2014-07-31 18:11 - 2014-08-19 00:30 - 00013026 _____ () C:\WINDOWS\setupapi.log
    2014-07-30 19:31 - 2014-07-30 19:31 - 00007030 _____ () C:\Documents and Settings\JJSR\My Documents\cc_20140730_193127.reg
    2014-07-30 00:25 - 2014-07-30 00:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-19 23:02 - 2014-08-19 22:36 - 00024714 _____ () C:\Documents and Settings\JJSR\Desktop\FRST.txt
    2014-08-19 23:02 - 2013-06-18 21:09 - 00000000 ____D () C:\Documents and Settings\JJSR\Local Settings\Temp
    2014-08-19 23:01 - 2014-08-19 22:35 - 00000000 ____D () C:\FRST
    2014-08-19 23:00 - 2014-08-19 22:40 - 00018179 _____ () C:\Documents and Settings\JJSR\Desktop\Addition.txt
    2014-08-19 22:44 - 2014-06-03 22:44 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job
    2014-08-19 22:39 - 2014-05-14 20:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-08-19 22:34 - 2013-11-21 21:51 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-19 22:31 - 2014-08-19 22:31 - 01093632 _____ (Farbar) C:\Documents and Settings\JJSR\Desktop\FRST.exe
    2014-08-19 22:16 - 2014-08-19 22:16 - 00001167 _____ () C:\Documents and Settings\JJSR\Desktop\JRT.txt
    2014-08-19 22:10 - 2014-02-07 17:05 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
    2014-08-19 22:10 - 2013-11-21 22:29 - 00000876 _____ () C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineUA.job
    2014-08-19 21:44 - 2014-08-19 21:44 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-08-19 21:41 - 2014-08-19 21:41 - 01016261 _____ (Thisisu) C:\Documents and Settings\JJSR\Desktop\JRT.exe
    2014-08-19 21:20 - 2014-01-17 01:00 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\Box Sync
    2014-08-19 21:20 - 2013-06-18 20:58 - 01585899 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-08-19 21:12 - 2014-06-28 00:04 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2014-08-19 21:12 - 2014-06-28 00:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-08-19 21:12 - 2013-06-24 01:53 - 00000000 ____D () C:\temp
    2014-08-19 21:10 - 2014-03-07 15:46 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-08-19 21:10 - 2013-11-21 22:29 - 00000872 _____ () C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineCore.job
    2014-08-19 21:10 - 2013-11-21 21:51 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-19 21:10 - 2013-06-18 21:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-08-19 21:05 - 2014-06-28 00:02 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-08-19 21:05 - 2013-06-18 21:09 - 00000178 ___SH () C:\Documents and Settings\JJSR\ntuser.ini
    2014-08-19 21:05 - 2013-06-18 21:09 - 00000000 ____D () C:\Documents and Settings\JJSR
    2014-08-19 21:04 - 2014-03-24 22:23 - 00000000 ____D () C:\AdwCleaner
    2014-08-19 20:57 - 2014-08-19 20:56 - 01361671 _____ () C:\Documents and Settings\JJSR\Desktop\adwcleaner_3.307.exe
    2014-08-19 18:03 - 2013-06-24 03:47 - 00169762 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-08-19 17:32 - 2013-06-19 00:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-08-19 16:43 - 2013-12-30 13:24 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
    2014-08-19 16:10 - 2014-02-07 17:05 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
    2014-08-19 15:15 - 2013-06-21 23:20 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C3C8C3F-4C96-433B-BBD8-101E333F7261}.job
    2014-08-19 00:31 - 2013-09-19 12:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
    2014-08-19 00:30 - 2014-08-19 00:30 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    2014-08-19 00:30 - 2014-07-31 18:11 - 00013026 _____ () C:\WINDOWS\setupapi.log
    2014-08-19 00:30 - 2013-07-08 13:46 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-08-19 00:28 - 2013-06-19 01:02 - 00000000 ___HD () C:\$AVG
    2014-08-18 23:54 - 2013-07-16 17:33 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-08-18 23:53 - 2014-08-18 23:54 - 00106496 _____ () C:\WINDOWS\Minidump\Mini081814-01.dmp
    2014-08-18 23:52 - 2014-08-18 23:22 - 00000000 ___SD () C:\ComboFix
    2014-08-18 23:51 - 2013-06-23 02:14 - 00000000 ____D () C:\Documents and Settings\JJSR\Local Settings\Application Data\Temp
    2014-08-18 23:28 - 2014-08-18 23:28 - 00000000 _RSHD () C:\cmdcons
    2014-08-18 23:28 - 2013-06-18 16:48 - 00000327 __RSH () C:\boot.ini
    2014-08-18 23:22 - 2014-08-18 23:22 - 00000000 ____D () C:\Qoobox
    2014-08-18 23:21 - 2014-08-18 23:21 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-08-18 21:06 - 2014-08-18 21:05 - 05572035 ____R (Swearware) C:\Documents and Settings\JJSR\Desktop\ComboFix.exe
    2014-08-18 20:58 - 2013-06-29 00:12 - 00001994 ___SH () C:\WINDOWS\system32\KGyGaAvL.sys
    2014-08-18 20:58 - 2013-06-29 00:12 - 00000056 __RSH () C:\WINDOWS\system32\ADE841FF11.sys
    2014-08-18 03:09 - 2013-07-09 22:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-08-18 00:30 - 2014-08-17 21:38 - 00000000 ____D () C:\Documents and Settings\JJSR\Desktop\mbar
    2014-08-18 00:30 - 2013-08-02 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-08-17 23:06 - 2014-06-28 20:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-08-17 21:39 - 2014-06-28 20:29 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-08-17 21:24 - 2014-08-17 21:23 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\JJSR\Desktop\mbar-1.07.0.1012.exe
    2014-08-17 21:05 - 2014-08-17 21:05 - 00003932 _____ () C:\Documents and Settings\JJSR\Desktop\RKreport_DEL_08172014_204934.log
    2014-08-17 20:22 - 2014-08-17 20:22 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-08-17 20:22 - 2014-08-17 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-08-17 03:52 - 2014-08-17 03:52 - 00000000 ____D () C:\Documents and Settings\JJSR\Local Settings\Application Data\Adobe
    2014-08-17 00:59 - 2014-08-17 00:59 - 00011326 _____ () C:\Documents and Settings\JJSR\My Documents\attach.txt
    2014-08-17 00:54 - 2014-08-17 00:54 - 00018205 _____ () C:\Documents and Settings\JJSR\Desktop\dds.txt
    2014-08-17 00:54 - 2014-08-17 00:54 - 00011326 _____ () C:\Documents and Settings\JJSR\Desktop\attach.txt
    2014-08-17 00:43 - 2014-08-17 00:43 - 00001073 _____ () C:\Documents and Settings\JJSR\Desktop\MBAM Scan 8-16-14.txt
    2014-08-16 23:12 - 2013-07-16 00:24 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
    2014-08-16 23:09 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-08-16 22:59 - 2013-06-21 23:45 - 00002353 _____ () C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
    2014-08-16 22:24 - 2014-08-16 22:24 - 00889416 _____ (Microsoft Corporation) C:\dotNetFx40_Full_setup.exe
    2014-08-16 22:20 - 2013-06-21 23:45 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
    2014-08-16 16:44 - 2014-08-16 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PC Utility Kit
    2014-08-16 16:00 - 2014-08-16 16:00 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\PC Utility Kit
    2014-08-16 15:59 - 2014-08-16 15:59 - 00000000 ____D () C:\Program Files\Common Files\PC Utility Kit
    2014-08-15 14:37 - 2014-03-24 02:47 - 00000000 ____D () C:\Program Files\VideoLAN
    2014-08-15 14:34 - 2014-08-13 00:17 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
    2014-08-13 20:08 - 2013-12-25 03:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-08-13 18:47 - 2013-06-19 03:21 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-08-13 18:47 - 2013-06-19 03:21 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-08-13 18:19 - 2013-11-19 04:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
    2014-08-13 13:50 - 2014-08-13 13:50 - 02359350 _____ () C:\Documents and Settings\JJSR\Desktop\SpyHunter.bmp
    2014-08-13 01:14 - 2013-06-18 20:59 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
    2014-08-13 00:50 - 2013-06-20 00:54 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2014-08-13 00:20 - 2014-08-13 00:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-08-13 00:16 - 2014-08-13 00:16 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
    2014-08-12 23:23 - 2013-09-05 22:13 - 00000000 ____D () C:\Documents and Settings\JJSR\Local Settings\Application Data\Adblock Plus for IE
    2014-08-12 23:10 - 2013-11-21 22:11 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-08 22:36 - 2014-03-07 15:46 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-08-08 00:54 - 2014-08-08 00:54 - 00000000 ____D () C:\Program Files\Common Files\Java
    2014-08-08 00:53 - 2013-10-24 02:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-08-08 00:51 - 2014-08-08 00:53 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-08-08 00:51 - 2014-08-08 00:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-08-08 00:51 - 2014-08-08 00:53 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-08-08 00:51 - 2014-08-08 00:53 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-08-08 00:51 - 2014-08-08 00:53 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-08-07 01:26 - 2013-06-21 16:43 - 00039664 _____ () C:\Documents and Settings\JJSR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-08-07 01:15 - 2013-06-18 16:49 - 00199344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-08-07 00:44 - 2014-08-07 00:44 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\OpenOffice
    2014-08-07 00:36 - 2014-08-07 00:30 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.1.0
    2014-08-07 00:30 - 2014-08-07 00:30 - 00000877 _____ () C:\Documents and Settings\All Users\Desktop\OpenOffice 4.1.0.lnk
    2014-08-07 00:26 - 2014-08-07 00:24 - 00000000 ____D () C:\Program Files\OpenOffice 4
    2014-08-07 00:12 - 2014-08-07 00:10 - 00000000 ____D () C:\Documents and Settings\JJSR\Desktop\OpenOffice 4.1.0 (en-GB) Installation Files
    2014-08-05 14:46 - 2014-07-03 22:09 - 00000000 ____D () C:\Documents and Settings\JJSR\Desktop\Toshiba 75032000 Pc Board Assy, Power Module, Pk101v3310i_files
    2014-08-05 09:20 - 2013-07-16 00:27 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-08-04 14:41 - 2014-08-04 14:41 - 02359350 _____ () C:\Documents and Settings\JJSR\Desktop\Toshiba TV 40L2200U Power Supply LED Driver F SP121-3fS01, Pk101v3310i.htm
    2014-08-04 01:17 - 2013-06-19 00:07 - 00072704 _____ () C:\Documents and Settings\JJSR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-08-02 22:44 - 2014-06-03 22:44 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job
    2014-08-01 02:06 - 2014-06-25 20:15 - 00465352 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-07-31 23:42 - 2013-06-19 02:08 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-07-31 17:42 - 2014-05-12 00:54 - 00001309 _____ () C:\Documents and Settings\JJSR\Application Data\Rim.Transcoder.Exception.log
    2014-07-31 17:42 - 2013-07-14 23:17 - 00002926 _____ () C:\Documents and Settings\JJSR\Application Data\Rim.DesktopHelper.Exception.log
    2014-07-31 17:42 - 2013-07-14 23:17 - 00002926 _____ () C:\Documents and Settings\JJSR\Application Data\Rim.Desktop.Exception.log
    2014-07-30 20:57 - 2013-09-11 22:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-07-30 20:57 - 2013-06-29 02:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-30 19:31 - 2014-07-30 19:31 - 00007030 _____ () C:\Documents and Settings\JJSR\My Documents\cc_20140730_193127.reg
    2014-07-30 19:21 - 2013-06-25 21:09 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    2014-07-30 19:21 - 2013-06-25 21:09 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    2014-07-30 19:21 - 2013-06-25 21:08 - 00000000 ____D () C:\Program Files\CCleaner
    2014-07-30 16:05 - 2013-06-21 22:27 - 00000000 ____D () C:\Documents and Settings\JJSR\Application Data\PCDr
    2014-07-30 12:31 - 2013-06-29 02:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    2014-07-30 00:28 - 2014-07-30 00:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-07-29 23:24 - 2013-07-16 00:38 - 00000000 ____D () C:\Program Files\Java

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\AutoFix.exe
    C:\Documents and Settings\JJSR\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
     
  18. 2014/08/19
    diego1 Well-Known Member Thread Starter

    Addition Report

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-08-2014
    Ran by JJSR at 2014-08-19 23:02:40
    Running from C:\Documents and Settings\JJSR\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adblock Plus for IE (32-bit) (HKLM\...\{4653FE0D-2762-41B6-A757-8C4F00B790C3}) (Version: 1.0 - Eyeo GmbH)
    Adblock Plus for IE (HKLM\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
    Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    AOMEI Backupper (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version: - AOMEI Technology Co., Ltd.)
    AOMEI Partition Assistant Pro Edition 5.5 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
    AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
    BitPim 1.0.7 (HKLM\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <djpham@bitpim.org>)
    BJC-85 (HKLM\...\CANONBJ_Deinstall_CNMCP27.DLL) (Version: - )
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Software Updater (HKLM\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd)
    BlackBerry World Browser Plugin (HKLM\...\{C89184E5-DF30-4DB5-A90E-D24072B80F1F}) (Version: 4.4.1.5 - Research In Motion Limited)
    BlueSoleil (HKLM\...\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}) (Version: - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Box Sync (HKLM\...\{24F228C2-3505-49FC-A53F-4D39FAB3F32D}) (Version: 4.0.4758.0 - Box, Inc.)
    Box Sync (Version: 4.0.4179.0 - Box Inc.) Hidden
    Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.03.06 - Broadcom Corporation)
    Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
    DataMask by AOL (HKLM\...\{A3217415-0BD4-4252-BF9F-3AF4A267B04C}) (Version: 5.6.0.10077 - AOL)
    Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.8.0.16 - Dell)
    Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.10.47.3 - Dell Inc.)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
    DVD Firmwares and Drivers 1.1.0.0 (HKLM\...\DVD Firmwares and Drivers_is1) (Version: - Sakysoft s.r.l.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    IObit Apps Toolbar v8.9 (HKLM\...\{EE68B04B-ABF4-4E83-87FF-42AF4C3F1D5B}) (Version: 8.9 - Spigot, Inc.) <==== ATTENTION
    IS Scan 2 (HKLM\...\{0FF3A504-4705-11D2-B55D-00609733EA48}) (Version: - )
    iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    OpenOffice 4.1.0 (HKLM\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PowerDVD 5.9 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
    QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
    Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
    SentryBay Update Helper (Version: 1.0.0.7621 - SentryBay) Hidden
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
    Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.98 - Sonic Solutions)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
    System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
    TSX Core (Version: 2.0.0.197 - SafeCentral, Inc.) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation)
    Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_EN_is1) (Version: - ZONER software)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    08-07-2014 04:04:10 System Checkpoint
    09-07-2014 04:49:18 System Checkpoint
    30-07-2014 03:19:38 Installed Java 7 Update 65
    30-07-2014 16:24:36 Software Distribution Service 3.0
    31-07-2014 20:52:24 System Checkpoint
    31-07-2014 22:04:46 Installed AVG 2014
    31-07-2014 22:17:44 Removed AVG 2014
    02-08-2014 04:07:27 System Checkpoint
    04-08-2014 06:12:58 System Checkpoint
    06-08-2014 00:56:18 System Checkpoint
    07-08-2014 01:27:39 System Checkpoint
    07-08-2014 04:24:27 Installed OpenOffice 4.1.0
    08-08-2014 04:48:22 Removed Java 7 Update 25
    08-08-2014 04:50:30 Installed Java 7 Update 67
    11-08-2014 03:30:41 System Checkpoint
    12-08-2014 17:47:01 System Checkpoint
    13-08-2014 02:50:12 pre-uninstall defrag 3
    13-08-2014 03:04:11 Removed IObit Apps Toolbar v8.9.
    13-08-2014 03:13:05 Removed IObit Apps Toolbar v8.9.
    13-08-2014 04:20:26 Installed SpyHunter
    15-08-2014 03:43:30 Software Distribution Service 3.0
    15-08-2014 18:35:07 Removed SpyHunter
    18-08-2014 01:13:04 How to Smart Computing
    18-08-2014 07:01:06 Software Distribution Service 3.0
    19-08-2014 03:00:36 Removed AVG 2014
    19-08-2014 03:04:47 Removed AVG 2014
    19-08-2014 03:19:34 Pre-ComboFix
    19-08-2014 04:25:34 Installed AVG 2014
    19-08-2014 04:27:27 Installed AVG 2014

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
    Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
    Task: C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineCore.job => C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
    Task: C:\WINDOWS\Tasks\SentryBayUpdateTaskMachineUA.job => C:\Program Files\SentryBay\Update\SentryBayUpdate.exe
    Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\My Dell\uaclauncher.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C3C8C3F-4C96-433B-BBD8-101E333F7261}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
    2013-06-18 22:44 - 2006-01-16 02:44 - 00018944 ____R () C:\WINDOWS\System32\WLTRYSVC.EXE
    2013-06-18 22:44 - 2006-01-16 02:44 - 00757760 ____R () C:\WINDOWS\System32\bcm1xsup.dll
    2011-06-16 19:49 - 2011-06-16 19:49 - 00503296 _____ () C:\Program Files\AOL\DataMask by AOL\libxml2.dll
    2013-04-30 18:31 - 2014-06-24 17:11 - 00293376 _____ () C:\Program Files\AOL\DataMask by AOL\libxmlsec.dll
    2013-04-30 18:31 - 2014-06-24 17:11 - 00167936 _____ () C:\Program Files\AOL\DataMask by AOL\libxmlsec-mscrypto.dll
    2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WindowsDefender.msi:SummaryInformation
    AlternateDataStreams: C:\WindowsDefender.msi:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\JJSR\Desktop\K54-Videostudio 8.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\JJSR\Desktop\tmo_servicebooks.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/19/2014 05:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/16/2014 09:10:15 PM) (Source: SentryBay Update) (EventID: 20) (User: NT AUTHORITY)
    Description: Network Request Error.
    Error: 0x80040801. Http status code: 0.
    Url=https://sbomaha.appspot.com/update
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80040

    Error: (08/13/2014 04:55:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/12/2014 11:13:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: JJSR-02EC1F576A)
    Description: Product: IObit Apps Toolbar v8.9 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\iobitappsToolbar.msi

    Error: (08/12/2014 11:03:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: JJSR-02EC1F576A)
    Description: Product: IObit Apps Toolbar v8.9 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\iobitappsToolbar.msi

    Error: (08/08/2014 10:40:41 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt (2432) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/08/2014 00:28:36 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt (2560) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/07/2014 01:10:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (08/06/2014 04:17:14 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt (2488) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (08/06/2014 00:26:10 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt (2444) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (08/19/2014 09:14:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/19/2014 09:13:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AOMEI Backupper Scheduler Service service failed to start due to the following error:
    %%1053

    Error: (08/19/2014 09:13:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the AOMEI Backupper Scheduler Service service to connect.

    Error: (08/19/2014 08:31:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Apple Mobile Device service failed to start due to the following error:
    %%1053

    Error: (08/19/2014 08:31:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

    Error: (08/19/2014 03:14:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/19/2014 03:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The AOMEI Backupper Scheduler Service service failed to start due to the following error:
    %%1053

    Error: (08/19/2014 03:13:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the AOMEI Backupper Scheduler Service service to connect.

    Error: (08/18/2014 11:58:39 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 1000000a, parameter1 00000004, parameter2 00000002, parameter3 00000000, parameter4 804fdd00.

    Error: (08/18/2014 11:34:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (08/19/2014 05:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

    Error: (08/16/2014 09:10:15 PM) (Source: SentryBay Update) (EventID: 20) (User: NT AUTHORITY)
    Description: Network Request Error.
    Error: 0x80040801. Http status code: 0.
    Url=https://sbomaha.appspot.com/update
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80040

    Error: (08/13/2014 04:55:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

    Error: (08/12/2014 11:13:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: JJSR-02EC1F576A)
    Description: Product: IObit Apps Toolbar v8.9 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\iobitappsToolbar.msi(NULL)(NULL)(NULL)

    Error: (08/12/2014 11:03:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: JJSR-02EC1F576A)
    Description: Product: IObit Apps Toolbar v8.9 -- Error 1316.A network error occurred while attempting to read from the file C:\WINDOWS\Installer\iobitappsToolbar.msi(NULL)(NULL)(NULL)

    Error: (08/08/2014 10:40:41 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt2432C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (08/08/2014 00:28:36 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt2560C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (08/07/2014 01:10:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

    Error: (08/06/2014 04:17:14 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt2488C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (08/06/2014 00:26:10 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: wuauclt2444C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of memory in use: 43%
    Total physical RAM: 1527.37 MB
    Available physical RAM: 868.92 MB
    Total Pagefile: 3423.28 MB
    Available Pagefile: 2804.08 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1925.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.04 GB) (Free:124.86 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 16DB16DA)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  19. 2014/08/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Advanced SystemCare.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Last edited: 2014/08/20
  20. 2014/08/20
    diego1

    diego1 Well-Known Member Thread Starter

    Joined:
    2011/10/14
    Messages:
    30
    Likes Received:
    0
    Advanced SystemCare

    Hi Broni,

    I wasn't aware I still have Advanced Care System since I uninstalled it back around July of this year. However, I performed a search which yielded over 600 files with Advanced Care System V6 & V7, many of which appear to be duplicates of installer and setup files. I rechecked but don't find the option to uninstall in Add/Remove. Is there a way to have these files uninstalled or removed?
     
  21. 2014/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I adjusted fixlist.txt script to remove ASC leftovers.
    Go ahead with my previous reply.
     
