Barowwsoe2Save
kidzndogz
2014-02-28, 13:54
Hi:
I'm having a difficult time with this malware and I read another post and followed the instructions:
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe
rkill.com
rkill.scr
rkill.pif
WiNlOgOn.exe
uSeRiNiT.exe
I copied the Notepad results and tried to attach them here but it wouldn't allow me to do so with a notice saying "scan result of Farbar Recovery Scan Tool.docx: Invalid File. " I hope this is where I'm supposed to post it because the computer doesn't give me time to work before other things pop up. It took me an hour just to post this message!
~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool
(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/
Hi and welcome
You really don't have to attach those logs, copy and paste them to notepad (they should actually already be on notepad), then copy and paste here into this topic?
kidzndogz
2014-02-28, 23:05
I think I tried that, but let me try again tonight.
kidzndogz
2014-03-01, 02:34
It's 31 pages long! 75207 characters. It won't allow me to post it. Should I post it in parts or am I trying to post the wrong thing? I'll post the first bit of it here.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by NSauter (administrator) on MOM on 28-02-2014 06:18:00
Running from C:\Documents and Settings\NSauter\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acer Inc.) C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(S3 Graphics, Inc.) C:\WINDOWS\system32\VTTimer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Oberon Media ) C:\Program Files\Gamesbar\SearchEngineProtection.exe
(acer Inc.) C:\Acer\Empowering Technology\eRecovery\Monitor.exe
() C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
() C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(RealNetworks, Inc.) c:\program files\real\realplayer\update\realsched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [LaunchApp] - Alaunch
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [VTTimer] - C:\WINDOWS\system32\VTTimer.exe [53248 2005-05-13] (S3 Graphics, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - c:\program files\real\realplayer\update\realsched.exe [295512 2013-09-21] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBGAFcALQBOAEgANwA0AFMALQA2AEoAVgBaAFIALQBGAEsAUABZAEEALQAyAFIARgBLAFAALQBTADYARQAwAEYA"&"inst=NwA2AC0ANQAwADMANgAxADEAMgAwADAALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBTAFQAMQArADIALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAwAA"&"prod=93"&"ver=9.0.894
HKLM\...\RunOnce: [SpybotSnD] - "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-02-12] (TomTom)
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [SearchEngineProtection] - C:\Program Files\Gamesbar\SearchEngineProtection.exe [591248 2011-03-03] (Oberon Media )
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {05f79474-6739-11df-963b-001558265613} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {05f79475-6739-11df-963b-001558265613} - K:\REALPLAY.EXE
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {1d4e2def-9cd7-11df-9667-001558265613} - J:\InstallTomTomHOME.exe
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {5cd348dc-57af-11de-9095-001558265613} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {75be6940-8922-11de-90e1-001558265613} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1091622689-2893527348-2989258316-1006\...\MountPoints2: {b3eed8a8-8f0e-11e2-975b-100d7fb323f1} - J:\MotorolaDeviceManagerSetup.exe -a
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => C:\Program Files\Optimizer Pro\OptProCrash.dll [4208456 2013-10-03] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1000M Genie.lnk
ShortcutTarget: NETGEAR WNA1000M Genie.lnk -> C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless 802.11g USB Adapter.lnk
ShortcutTarget: Wireless 802.11g USB Adapter.lnk -> C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe ()
Startup: C:\Documents and Settings\NSauter\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x383FD52B3EADCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll No File
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ImageToPng - {8BF2BE1A-8BA7-2BFF-EAF4-1093428B40EB} - C:\Documents and Settings\All Users\Application Data\ImageToPng\iznbkeuTK4.dll ()
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796
FF user.js: detected! => C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\NSauter\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Invenda Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmnqmp07010901.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
FF Extension: Clean Links - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2013-10-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-02-16]
FF HKLM\...\FireFox\Extensions: [G2_v1042@gamingsquared.com] - C:\Program Files\GamingSquared\Gaming2\FF_v1042
FF Extension: (Gaming)2 - C:\Program Files\GamingSquared\Gaming2\FF_v1042 [2008-05-10]
FF HKLM\...\FireFox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\FireFox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-21]
FF HKLM\...\FireFox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
Chrome:
=======
CHR RestoreOnStartup: "hxxp://msn.com/"
CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
CHR Extension: (RealDownloader) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [438272 2005-09-21] (Acer Inc.)
R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25640 2007-07-11] (Amazon.com)
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [660848 2011-04-12] (Juniper Networks)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-31] (Oracle Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe" "C:\Program Files\Zumie\zumie.dll" Service
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2013-03-16] (Cisco Systems, Inc.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2011-04-12] (Juniper Networks)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R2 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\WNA1000M.sys [994664 2011-01-31] (Realtek Semiconductor Corporation )
R1 UBHelper; C:\WINDOWS\system32\Drivers\UBHelper.sys [13952 2004-12-17] ()
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-01] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [172544 2005-05-13] (Copyright (C) VIA/S3 Graphics Co, Ltd.)
R2 WLNdis50; C:\WINDOWS\System32\DRIVERS\wlndis50.sys [20480 2008-02-27] ()
S3 ZD1211U(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [247296 2004-09-29] (ZyDAS Technology Corporation)
S3 ZDPNDIS5; C:\WINDOWS\system32\ZDPNDIS5.SYS [17151 2004-01-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ALCXWDM; system32\drivers\ALCXWDM.SYS [X]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\NSauter\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\NSauter\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-28 06:15 - 2014-02-28 06:18 - 00000000 ____D () C:\FRST
2014-02-28 05:58 - 2014-02-28 06:00 - 00002476 _____ () C:\Documents and Settings\NSauter\Desktop\Rkill.txt
2014-02-16 08:46 - 2014-02-16 08:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:10 - 2014-02-15 17:10 - 00000825 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to O'Leary 043.lnk
2014-02-15 17:09 - 2014-02-15 17:09 - 00000586 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to Brie Circa 1947.lnk
2014-02-13 14:44 - 2014-02-13 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\deal4ime
2014-02-12 07:52 - 2014-02-12 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 07:42 - 2014-02-12 07:42 - 00012216 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 07:40 - 2014-02-12 07:42 - 00005431 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 02:34 - 2014-02-12 07:52 - 00015034 _____ () C:\WINDOWS\KB2916036.log
2014-02-05 16:34 - 2014-02-05 16:34 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\2013-11-10
2014-02-05 16:24 - 2014-02-05 16:25 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Charlie W2
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImageToPng
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\dhdipaidhfodehakhibkeeongcafikel
==================== One Month Modified Files and Folders =======
2014-02-28 06:20 - 2010-05-24 11:46 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{18F49D0F-5D29-4F7D-BF75-6C9A0F4EE19F}.job
2014-02-28 06:18 - 2014-02-28 06:15 - 00000000 ____D () C:\FRST
2014-02-28 06:00 - 2014-02-28 05:58 - 00002476 _____ () C:\Documents and Settings\NSauter\Desktop\Rkill.txt
2014-02-28 05:48 - 2005-12-06 10:25 - 01861541 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 05:46 - 2013-01-11 22:09 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 05:22 - 2012-05-12 07:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-27 06:40 - 2009-10-04 05:47 - 00002515 _____ () C:\Documents and Settings\NSauter\Desktop\Microsoft Office Word 2007.lnk
2014-02-27 03:17 - 2005-12-06 10:25 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-26 12:46 - 2013-01-11 22:09 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 21:09 - 2009-11-27 18:56 - 00000000 ____D () C:\Documents and Settings\NSauter\Desktop\Facebook Photos
2014-02-23 16:47 - 2013-11-13 08:18 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-23 11:15 - 2006-06-18 11:59 - 00000733 _____ () C:\WINDOWS\system32\eRLog.ini
2014-02-22 09:23 - 2012-12-28 06:33 - 00000290 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
2014-02-22 09:23 - 2012-12-28 06:33 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
2014-02-22 09:23 - 2011-07-22 12:11 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
2014-02-22 09:23 - 2005-12-06 10:25 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-22 09:23 - 2005-12-06 10:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-22 09:23 - 2005-12-05 23:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-22 09:23 - 2005-12-05 23:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-22 09:21 - 2006-06-18 11:53 - 00000278 ___SH () C:\Documents and Settings\NSauter\ntuser.ini
2014-02-22 07:53 - 2013-12-31 06:00 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-21 19:22 - 2012-05-12 07:55 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 19:22 - 2011-06-23 04:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-19 07:09 - 2013-10-09 07:03 - 00069048 _____ () C:\WINDOWS\setupapi.log
2014-02-16 15:46 - 2012-04-28 20:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 09:24 - 2011-02-04 21:19 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Taxes
2014-02-16 08:47 - 2014-02-16 08:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 17:10 - 2014-02-15 17:10 - 00000825 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to O'Leary 043.lnk
2014-02-15 17:09 - 2014-02-15 17:09 - 00000586 _____ () C:\Documents and Settings\NSauter\Desktop\Shortcut to Brie Circa 1947.lnk
2014-02-13 21:14 - 2014-01-11 17:19 - 00007876 _____ () C:\WINDOWS\DBPerf.log
2014-02-13 14:45 - 2014-02-13 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\deal4ime
2014-02-13 14:45 - 2013-12-22 17:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\7bf2d9e06a4045c3
2014-02-12 20:07 - 2008-04-08 00:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-12 17:51 - 2005-12-06 08:08 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 07:52 - 2014-02-12 07:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 07:52 - 2014-02-12 02:34 - 00015034 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 07:52 - 2013-10-09 07:07 - 00014270 _____ () C:\WINDOWS\updspapi.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00135496 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00065032 _____ () C:\WINDOWS\ocgen.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00051898 _____ () C:\WINDOWS\tsoc.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00044620 _____ () C:\WINDOWS\comsetup.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00027088 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00021383 _____ () C:\WINDOWS\iis6.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00007524 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00006798 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 07:52 - 2013-10-09 07:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 07:49 - 2005-12-06 08:12 - 00507864 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 07:46 - 2013-07-13 13:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 07:42 - 2014-02-12 07:42 - 00012216 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 07:42 - 2014-02-12 07:40 - 00005431 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 07:42 - 2013-10-09 07:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 07:42 - 2006-06-18 19:34 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-11 05:52 - 2011-07-22 12:11 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job
2014-02-09 15:40 - 2012-11-03 10:04 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Dad
2014-02-06 03:54 - 2004-08-04 00:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 00:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 14:07 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2010-06-10 21:06 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2009-06-27 05:20 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2009-06-27 05:20 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2007-05-09 15:54 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2007-05-09 15:54 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2007-05-09 15:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2007-05-09 15:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2005-07-19 22:00 - 06021120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2005-07-19 22:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2005-07-02 21:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 00:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 00:00 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2004-08-04 00:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-04 00:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-05 16:34 - 2014-02-05 16:34 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\2013-11-10
2014-02-05 16:25 - 2014-02-05 16:24 - 00000000 ____D () C:\Documents and Settings\NSauter\My Documents\Charlie W2
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ImageToPng
2014-01-30 15:37 - 2014-01-30 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\dhdipaidhfodehakhibkeeongcafikel
2014-01-30 15:37 - 2005-12-06 07:57 - 00000000 __SHD () C:\Documents and Settings\LocalService
Files to move or delete:
====================
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
Some content of TEMP:
====================
C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by NSauter at 2014-02-28 06:20:57
Running from C:\Documents and Settings\NSauter\My Documents\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Acer eConsole (HKLM\...\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}) (Version: 1.2.23.0 - )
Acer eMode Management (HKLM\...\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}) (Version: 2.0.18.0 - )
Acer System Information (HKLM\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,2,392,0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon Unbox Video (HKLM\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.0.0.59 - Amazon.com)
Amazon Unbox Video (Version: 2.0.0.59 - Amazon.com) Hidden
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon PowerShot SX40 HS Camera User Guide (HKLM\...\CameraUserGuide-PSSX40HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative System Information (HKLM\...\SysInfo) (Version: - )
Creative ZEN Vision M Series (HKLM\...\{31C44235-A613-4E95-B297-207BF6C6A8C1}) (Version: 1.0 - )
deal4ime (HKLM\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - DaeAl4me)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (Version: 130.0.448.000 - Hewlett-Packard) Hidden
F4400 (Version: 130.0.448.000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version: - Facebook, Inc.)
GamesBar 2.0.1.82 (HKLM\...\GamesBar) (Version: 2.0.1.82 - Oberon Media, Inc.)
GamingSquared Console (HKLM\...\GamingSquaredConsole) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (HKLM\...\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
ImageToPng (HKLM\...\{96CA71FF-122E-97A7-1D4F-F986889CA854}) (Version: - ImmageeTToPng)
iTunes (HKLM\...\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}) (Version: 7.7.0.43 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150050}) (Version: 1.5.0.50 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Network Connect 7.0.0 (HKLM\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MetaFrame Presentation Server Client (HKLM\...\{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}) (Version: 9.100.36280 - Citrix Systems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
Move Networks Player for Firefox (HKLM\...\Move Player_is1) (Version: - Move Networks)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (HKLM\...\InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}) (Version: 1.01.10 - NETGEAR)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (Version: 1.01.10 - NETGEAR) Hidden
NTI Backup NOW! 4 (HKLM\...\InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}) (Version: 4 - NewTech Infosystems)
NTI Backup NOW! 4 (Version: 4 - NewTech Infosystems) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: - )
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shutterfly Studio (HKLM\...\SFlyStudio) (Version: .1 - )
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.4 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version: - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
USB Dual Vibration Joystick (HKLM\...\{6EA87AEE-9643-4009-BB1A-91922A93C00F}) (Version: - )
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless 802.11g USB Adapter (HKLM\...\InstallShield_{703FBBAA-ED01-498D-86D5-559C4725CD63}) (Version: 1.00.4331 - Wireless 802.11g USB Adapter)
Wireless 802.11g USB Adapter (Version: 1.00.4331 - Wireless 802.11g USB Adapter) Hidden
ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version: - )
==================== Restore Points =========================
01-01-2014 00:36:16 Software Distribution Service 3.0
01-01-2014 12:24:00 Removed Adobe Photoshop Elements 12.
01-01-2014 12:43:33 Removed Adobe Photoshop Elements 12.
01-01-2014 13:00:57 Removed Adobe Photoshop Elements 12.
01-01-2014 20:30:53 Installed %1 %2.
01-01-2014 21:49:18 Removed Adobe Photoshop Elements 12.
01-01-2014 22:41:59 Removed Adobe Photoshop Elements 12.
03-01-2014 00:09:35 System Checkpoint
03-01-2014 00:19:40 Software Distribution Service 3.0
03-01-2014 02:51:30 Installed Acer System Information
04-01-2014 14:00:04 Software Distribution Service 3.0
05-01-2014 17:43:49 Software Distribution Service 3.0
07-01-2014 01:41:39 Software Distribution Service 3.0
11-01-2014 22:37:06 Software Distribution Service 3.0
12-01-2014 22:17:09 Software Distribution Service 3.0
13-01-2014 12:38:38 Software Distribution Service 3.0
17-01-2014 02:07:52 Software Distribution Service 3.0
17-01-2014 13:00:48 Software Distribution Service 3.0
18-01-2014 01:59:41 Software Distribution Service 3.0
19-01-2014 03:56:42 System Checkpoint
19-01-2014 21:15:48 Software Distribution Service 3.0
22-01-2014 03:13:11 System Checkpoint
22-01-2014 10:33:26 Software Distribution Service 3.0
24-01-2014 10:54:10 Software Distribution Service 3.0
25-01-2014 12:24:48 System Checkpoint
25-01-2014 17:59:46 Software Distribution Service 3.0
27-01-2014 01:22:42 Software Distribution Service 3.0
28-01-2014 23:58:36 Software Distribution Service 3.0
29-01-2014 23:58:16 Software Distribution Service 3.0
02-02-2014 18:17:42 Software Distribution Service 3.0
04-02-2014 23:33:22 Software Distribution Service 3.0
05-02-2014 12:10:43 Software Distribution Service 3.0
07-02-2014 11:18:17 Software Distribution Service 3.0
08-02-2014 20:38:42 Software Distribution Service 3.0
09-02-2014 21:35:45 Software Distribution Service 3.0
11-02-2014 11:05:55 Software Distribution Service 3.0
12-02-2014 12:37:00 Software Distribution Service 3.0
12-02-2014 22:59:01 Software Distribution Service 3.0
13-02-2014 23:25:57 System Checkpoint
14-02-2014 10:28:55 Software Distribution Service 3.0
15-02-2014 12:08:35 Software Distribution Service 3.0
16-02-2014 14:48:24 Software Distribution Service 3.0
16-02-2014 21:39:17 Software Distribution Service 3.0
19-02-2014 02:44:55 Software Distribution Service 3.0
20-02-2014 10:34:42 Software Distribution Service 3.0
21-02-2014 10:56:19 Software Distribution Service 3.0
22-02-2014 11:19:05 Software Distribution Service 3.0
23-02-2014 16:28:55 Software Distribution Service 3.0
23-02-2014 21:52:24 Software Distribution Service 3.0
25-02-2014 22:51:53 Software Distribution Service 3.0
27-02-2014 00:46:25 System Checkpoint
27-02-2014 09:55:51 Software Distribution Service 3.0
28-02-2014 10:39:25 Software Distribution Service 3.0
==================== Hosts content: ==========================
2004-08-04 00:00 - 2013-02-03 21:10 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1091622689-2893527348-2989258316-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{18F49D0F-5D29-4F7D-BF75-6C9A0F4EE19F}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2004-08-04 00:00 - 2004-08-04 00:00 - 00015360 ____C () C:\WINDOWS\system32\tsd32.dll
2006-06-18 11:54 - 2005-09-21 15:40 - 00737280 _____ () C:\Program Files\Acer\Acer eConsole\log4cxx.dll
2006-06-18 11:54 - 2005-09-21 15:44 - 00151552 _____ () C:\Program Files\Acer\Acer eConsole\MediaUtil.dll
2004-08-04 00:00 - 2008-03-24 23:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2007-07-11 17:25 - 2007-07-11 17:25 - 00097320 ____R () C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2004-08-04 00:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2013-10-05 17:33 - 2013-10-03 13:46 - 04208456 ____N () C:\Program Files\Optimizer Pro\OptProCrash.dll
2013-10-05 17:33 - 2013-10-05 17:33 - 00193176 ____N () C:\Program Files\Optimizer Pro\OptProCrashSvc.dll
Please go to Add/Remove Programs and uninstall:
Coupon Printer
Optimizer Pro
~~~~~~~~~~~~~~~~~~~~~~~~~~
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite an existing one, please allow it.)
start
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe"
C:\Program Files\Zumie\zumie.dll
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Do not click on any links in the top Advertisement.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
kidzndogz
2014-03-01, 12:59
1. I removed Coupon Printer but Optimizer Pro was not visible on my add/remove list. Do I still go forward with the instructions?
2. Is Note Pad the same as One Note? and if not, how do I access Note Pad?
kidzndogz
2014-03-01, 13:11
3. "NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)"
I think I missed something. FRST/FRST64? and "Farbar Recovery Scan Tool" (FRST) program? Are they supposed to already be on my desktop so I can save it "Next" to it?
1. I removed Coupon Printer but Optimizer Pro was not visible on my add/remove list. Do I still go forward with the instructions?
2. Is Note Pad the same as One Note? and if not, how do I access Note Pad?
Uninstall what you could find and continue.
Notepad and One Note are not the same.
Start -> Run -> type notepad in the Open field -> OK
Running from C:\Documents and Settings\NSauter\My Documents\Downloads
Go here and locate Farbar Recovery Scan Tool, right click on it and scroll to "send to", choose desktop.
I think I missed something. FRST/FRST64? and "Farbar Recovery Scan Tool" (FRST) program? Are they supposed to already be on my desktop so I can save it "Next" to it?
FRST/FRST64 and "Farbar Recovery Scan Tool" are the same. Find the Farbar Recovery Scan Tool icon on your desktop, after you copy and paste the fixlist.txt to notepad, place it next to the Farbar Recovery Scan Tool icon, and press the Fix button just once and wait.
kidzndogz
2014-03-02, 04:45
I did exactly as instructed and got:
No fixlist.txt found
The fixlist.text should be in the same folder/directory the tool is located.
So I created a folder on the desktop and put them both in it so there was no mistaking that they were together. After clicking on Fix, I received the same message again.
kidzndogz
2014-03-02, 05:18
Never mind. It seemed to work, I think:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 01
Ran by NSauter at 2014-03-01 22:15:00 Run:1
Running from C:\Documents and Settings\NSauter\My Documents\Fix
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe"
C:\Program Files\Zumie\zumie.dll
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end
This is the fixlist I posted, if it worked properly it should have had extended lines saying.....deleted successfully?
Running from C:\Documents and Settings\NSauter\My Documents\Fix <-- this might be the problem.
If it didn't run as expected we can try again.
Find the fixlist I had created. See if when you saved it it was named fixlist not fix
If it wasn't......right click on the file and select rename, then you can rename it fixlist
Make sure they are still located together and open FRST, then click run?
If not we can just delete the FRST you have and re-download it again.
If using these 2 browsers below follow these instructions to ensure the tool is located on desktop.
Firefox
you press the orange Firefox button in the top left corner >> Options
Beneath where it shows homepage, click on save files to desktop.
Chrome --
Press the Customize and Control Google button (three horizontal lines in top right corner of screen) >> Settings >> Show Advanced Settings >> Downloads, Download location, click on save to desktop.
kidzndogz
2014-03-02, 15:23
It seemed to have worked now:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 01
Ran by NSauter at 2014-03-01 22:15:00 Run:1
Running from C:\Documents and Settings\NSauter\My Documents\Fix
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe"
C:\Program Files\Zumie\zumie.dll
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end
kidzndogz
2014-03-02, 15:26
Oops! sorry I got confused and didn't see your answer above. I now see I just reposted the same thing. Let me follow these new ideas.
kidzndogz
2014-03-02, 15:45
This is what I got this time:
fix completed the "Fix Log.txt" is saved in the same directory FRST is located.
This is what the Fixlog says:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 01
Ran by NSauter at 2014-03-02 08:41:42 Run:2
Running from C:\Documents and Settings\NSauter\Desktop\Fixlist
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKLM - DefaultScope {F2641A41-2FF8-4B53-9A53-E9DB04B08CD5} URL =
SearchScopes: HKLM - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL = http://www.zumie.com/?prt=ZumFreez&keywords={searchTerms}
SearchScopes: HKCU - {94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} URL =
BHO: deal4ime - {40034C10-13E9-09F9-E216-0D4A63039FF0} - C:\Documents and Settings\All Users\Application Data\deal4ime\M.dll ()
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml
FF Extension: ImageToPng - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com [2014-02-05]
FF Extension: deal4ime - C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk [2014-02-15]
CHR Extension: (deal4ime) - C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace [2014-02-13]
CHR HKLM\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKCU\...\Chrome\Extension: [aobbhmkkplckkcbnbcdbkneemiooegoc] - C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [193176 2013-10-05] ()
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
S4 Zumie Search Service; "C:\Program Files\Zumie\zumie.exe"
C:\Program Files\Zumie\zumie.dll
S3 RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys [X]
C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat
C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end
*****************
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Unable to delete value
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKCR\Wow6432Node\CLSID\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKCR\Wow6432Node\CLSID\{94D57B42-E3BA-4C01-B98A-8CCA2FCBF29E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40034C10-13E9-09F9-E216-0D4A63039FF0} => Key not found.
HKCR\CLSID\{40034C10-13E9-09F9-E216-0D4A63039FF0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Unable to delete value
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
"C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\searchplugins\MyStart Search.xml" => not found.
C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\juap@uyutnjirrp.com => not found.
C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\Extensions\oidn90k@kxd-tiei.co.uk => not found.
C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc => Key not found.
"C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc => Key not found.
"C:\Documents and Settings\NSauter\Local Settings\Application Data\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
ca82e1a5 => Service not found.
CltMngSvc => Service not found.
Zumie Search Service => Service not found.
"C:\Program Files\Zumie\zumie.dll" => File/Directory not found.
RkHit => Service not found.
"C:\Documents and Settings\NSauter\jagex_runescape_preferences.dat" => File/Directory not found.
"C:\Documents and Settings\NSauter\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe" => File/Directory not found.
==== End of Fixlog ====
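The check discussed in this thread (a Fixlog from a fix that ran shows outcome lines after the echoed fixlist) can be done mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses a Fixlog's text and separates items FRST did not find from items it could not remove. The function names and the `failed`/`done`/`absent` labels are assumptions, and the sample is a shortened excerpt of the Run:2 log above.

```python
import re
from collections import Counter

# Outcome phrases that appear in the Fixlog posted in this thread; first match wins.
STATUS_RULES = [
    (re.compile(r"unable to", re.I), "failed"),   # "Unable to delete value"
    (re.compile(r"successfully", re.I), "done"),  # "Value was restored successfully."
    (re.compile(r"not found", re.I), "absent"),   # key, service, file or folder not there
]
# Some result lines have no "=>" separator: "<path> directory not found."
NO_ARROW_RE = re.compile(r"^(?P<target>.+?)\s+directory not found\.?$", re.I)

# Shortened excerpt of the Run:2 Fixlog above (sample input assembled for this example).
LOG_RUN2 = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 01
Ran by NSauter at 2014-03-02 08:41:42 Run:2
Running from C:\Documents and Settings\NSauter\Desktop\Fixlist
*****************
start
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [X]
end
*****************
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Unable to delete value
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajikdlmpdhlojfpcammldldohjobdace directory not found.
CltMngSvc => Service not found.
"C:\Program Files\Zumie\zumie.dll" => File/Directory not found.
==== End of Fixlog ====
"""
# The same text cut off after "end": a log with the echoed fixlist but no outcomes.
LOG_CUT_OFF = LOG_RUN2.split("\nend\n")[0] + "\nend\n"


def classify(status_text):
    return next((s for p, s in STATUS_RULES if p.search(status_text)), "unknown")


def parse_fixlog(text):
    """Return (running_from, fixlist_entries, results) from a Fixlog's text."""
    running_from, fixlist, results, section = None, [], [], "header"
    for line in map(str.strip, text.splitlines()):
        if not line or set(line) <= {"*"}:
            continue                      # blank lines and ***** separators
        if line.startswith("==== End of Fixlog"):
            break
        if section == "header":
            if line.startswith("Running from "):
                running_from = line[len("Running from "):]
            elif line.lower() == "start":
                section = "fixlist"
        elif section == "fixlist":
            if line.lower() == "end":
                section = "results"
            else:
                fixlist.append(line)
        else:
            target, arrow, status_text = line.rpartition(" => ")
            if not arrow:                 # no "=>": fall back to the trailing phrase
                match = NO_ARROW_RE.match(line)
                target = match.group("target") if match else line
                status_text = line[len(target):]
            results.append((target.strip().strip('"'), classify(status_text)))
    return running_from, fixlist, results


def triage(text):
    """Summarise a Fixlog: are outcomes recorded, and which entries need follow-up?"""
    running_from, fixlist, results = parse_fixlog(text)
    return {
        "running_from": running_from,
        "fixlist_entries": len(fixlist),
        "has_results": bool(results),
        "counts": dict(Counter(status for _, status in results)),
        "failed": [target for target, status in results if status == "failed"],
    }


if __name__ == "__main__":
    print(triage(LOG_RUN2))
```

An entry reported as `failed` is the one to follow up on; `absent` only means FRST did not find the item when the fix ran.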
kidzndogz
2014-03-02, 16:18
from ADWCleaner.exe:
# AdwCleaner v3.020 - Report created 02/03/2014 at 08:56:57
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : NSauter - MOM
# Running from : C:\Documents and Settings\NSauter\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : ca82e1a5
[#] Service Deleted : CltMngSvc
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\GamesBar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\GamesBar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Documents and Settings\NSauter\Local Settings\Application Data\WordLayers
Folder Deleted : C:\Documents and Settings\NSauter\Application Data\Viewpoint
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aobbhmkkplckkcbnbcdbkneemiooegoc
File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Documents and Settings\NSauter\Application Data\Mozilla\Firefox\Profiles\ud9hh5ku.default-1381060490796\user.js
File Deleted : C:\Documents and Settings\NSauter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
***** [ Shortcuts ] *****
kidzndogz
2014-03-02, 17:26
JRT Log:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by NSauter on Sun 03/02/2014 at 9:25:09.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
~~~ Files
Successfully deleted: [File] "C:\Documents and Settings\NSauter\appdata\locallow\SkwConfig.bin"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\NSauter\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Documents and Settings\NSauter\Local Settings\Application Data\cre"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/02/2014 at 9:31:20.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kidzndogz
2014-03-02, 17:27
Do you think we did it? Are we done?
Looks better, and the fix did work this time.
What's going on with the computer at the moment?
kidzndogz
2014-03-02, 19:03
I don't know yet. Let me play for a while when I have a chance to sit down and I'll get back to you.
N
We need to check for remnants.
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
**********************
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
kidzndogz
2014-03-03, 00:05
It's still churning away, but no more pop-ups which is huge!
Thank you so very much!!!!
P.S. I figured out the problem I was having with FRST. You had instructed me where to find it and then said to right click and scroll down to "send to", chose desktop. When I did that what happened was it sent a shortcut to the desktop. When I went back in and right clicked and "copied" and then pasted to the desktop it worked.
Just thought you might want to know for future.
Thank you again...things are so much better!
When I went back in and right clicked and "copied" and then pasted to the desktop it worked.
Thank you so much for telling me this, I kinda screwed up.
No more pop ups is good news.
Eset can take a good while to run and scan but it is a good thorough scanner I rely on often. Don't be alarmed if it finds things because I expect this. What I would like to see is that what it does find are already located in quarantine folders.
kidzndogz
2014-03-03, 00:42
Great. Thank you again. I'll let you know if I learn anything else from it.
How are you doing on the last scan?
Glad we could help. :)
Since this issue appears resolved ... this Topic is closed.