Slow computer



sunshine&flowerpots
2015-04-11, 14:24
Hi,

I am using my parents' computer & have found it to be really slow. My parents say that they have found problems with loading applications, drops in internet connection - weak wifi signal even when next to the hub (not sure if this is related to the computer). Overall not very good. I have created a backup. Here's FRST & Ambr

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by valerie (administrator) on REPLACEMENTPC on 11-04-2015 11:28:11
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available profiles: valerie)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(VER_COMPANY_NAME) C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(COMPANYVERS_NAME) C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Joyent, Inc) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2039096 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [TotalRecipeSearch Search Scope Monitor] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [44784 2013-10-09] (MindSpark)
HKLM\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2013-10-09] (VER_COMPANY_NAME)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4435968 2007-04-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1822720 2007-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: E - E:\Bin\ASSETUP.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MountPoints2: {474edf55-1b46-11dc-8149-806e6f6e6963} - E:\inst_32\autorun.exe
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {0633EE93-1111-472f-A0FF-E1416B8B2EAA} URL = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-01-21] (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
BHO: Toolbar BHO -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16] (Google Inc.)
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-09-28] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09] (Sun Microsystems, Inc.)
BHO: Search Assistant BHO -> {df22384f-cf68-4d19-969f-10423715528b} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [2013-10-09] (MindSpark)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-01-21] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-01-21] (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKLM - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-09-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-04-01] (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2012-11-23] (Alcatel-Lucent)
FF Plugin: @pandasecurity.com/activescan -> C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll [2009-12-07] (Panda Security)
FF Plugin: @real.com/npracplug;version=1.0.0.0 -> C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll [2005-04-27] (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll [2013-10-09] (MindSpark)
FF Plugin HKU\S-1-5-21-1343853513-471013651-1662923988-1000: @yahoo.com/BrowserPlus,version=2.9.2 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll [2010-06-10] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-28]
FF HKLM\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files\TotalRecipeSearch_14\bar\1.bin
FF Extension: TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013-10-09]

Chrome:
=======
CHR Profile: C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (YouTube) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google Search) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (BT DesktopHelp extension) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-12-01]
CHR Extension: (Google Sheets) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (Gmail) - C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S2 gupdate1c95fd8b90ceb00; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TotalRecipeSearch_14Service; C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2013-10-09] (COMPANYVERS_NAME)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.) [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2007-01-09] (Chic)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 NETIMFLT; C:\Windows\System32\DRIVERS\netimflt.sys [142128 2007-04-24] (Panda Software)
R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-29] (Sonic Solutions) [File not signed]
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-12] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1149552 2010-10-01] (VIA Technologies, Inc.)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 PavSRK.sys; No ImagePath
S3 PavTPK.sys; No ImagePath
S1 WNMFLT; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 11:28 - 2015-04-11 11:28 - 00020597 _____ () C:\Users\valerie\Desktop\FRST.txt
2015-04-11 11:26 - 2015-04-11 11:28 - 00000000 ____D () C:\FRST
2015-04-11 11:25 - 2015-04-11 11:25 - 01135104 _____ (Farbar) C:\Users\valerie\Desktop\FRST.exe
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 _____ () C:\Windows\setupact.log
2015-04-11 11:21 - 2015-04-11 11:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-REPLACEMENTPC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-11 11:19 - 2015-04-11 11:19 - 00002027 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\RegBackup
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-11 11:19 - 2015-04-11 11:19 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-04-11 11:18 - 2015-04-11 11:18 - 04720448 _____ () C:\Users\valerie\Desktop\tweaking.com_registry_backup_setup.exe
2015-04-11 10:02 - 2015-04-11 10:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-09 09:51 - 2015-04-11 10:11 - 00101280 _____ () C:\Users\valerie\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 16:13 - 2015-04-08 16:13 - 00000815 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-08 16:13 - 2015-04-08 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-04 22:38 - 2015-04-04 22:58 - 00158929 _____ () C:\Users\valerie\Documents\St Barnabas Heading.pptx
2015-04-02 09:00 - 2015-04-02 09:00 - 00741888 _____ () C:\Users\valerie\Downloads\Candle day 2015 dates.pub
2015-03-29 15:06 - 2015-03-29 15:41 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00001742 _____ () C:\Users\Public\Desktop\Play Jewel Match 3.lnk
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match 3
2015-03-29 15:05 - 2015-03-29 15:05 - 00000000 ____D () C:\Program Files\Jewel Match 3
2015-03-29 14:34 - 2015-03-29 14:34 - 00001678 _____ () C:\Users\Public\Desktop\Play Fairies.lnk
2015-03-29 14:34 - 2015-03-29 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairies
2015-03-29 14:34 - 2015-03-29 14:34 - 00000000 ____D () C:\Program Files\Fairies
2015-03-28 00:24 - 2015-03-28 00:24 - 00000000 ____D () C:\Users\valerie\AppData\Local\{7D251CB0-B59D-45C9-AAC5-40D6702D2A82}
2015-03-23 16:15 - 2015-03-23 16:15 - 00000000 ____D () C:\Users\valerie\AppData\Local\{EBE90903-51C9-429C-905C-72EE76B30A8C}
2015-03-12 12:14 - 2015-03-12 12:14 - 00000000 ____D () C:\Users\valerie\AppData\Local\{090BB9AD-9A11-4E24-9546-4DC285C1F52A}
2015-03-12 01:12 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 01:11 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 01:10 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 01:02 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 01:02 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 01:01 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 01:01 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 01:01 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 01:01 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 01:01 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 01:00 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 00:59 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 00:58 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 11:19 - 2009-07-02 11:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 11:06 - 2014-04-17 15:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 11:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-04-11 10:50 - 2007-06-18 20:24 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-11 10:18 - 2007-06-15 14:47 - 02074065 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 10:05 - 2006-11-02 11:33 - 00753902 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 09:46 - 2014-04-17 15:49 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-11 09:46 - 2011-08-20 17:55 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-11 09:46 - 2007-08-28 00:36 - 00000000 ____D () C:\Users\valerie\AppData\Local\Adobe
2015-04-11 09:42 - 2010-03-04 21:21 - 00000384 _____ () C:\Windows\Tasks\FileCure Startup.job
2015-04-11 09:42 - 2009-07-02 11:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 09:42 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 09:42 - 2006-11-02 13:47 - 00005984 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 09:42 - 2006-11-02 13:47 - 00005984 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 21:46 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-10 19:29 - 2007-09-04 13:26 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 18:00 - 2010-02-06 01:30 - 00000446 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-04-10 17:50 - 2014-12-09 18:50 - 00000244 _____ () C:\Windows\Tasks\Epson Printer Software Downloader.job
2015-04-10 17:18 - 2011-01-20 19:22 - 00000000 ____D () C:\Users\valerie\Documents\Excel
2015-04-10 03:28 - 2010-03-04 21:21 - 00000368 _____ () C:\Windows\Tasks\FileCure.job
2015-04-10 00:33 - 2010-02-06 01:30 - 00000420 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2015-04-09 17:11 - 2011-06-16 12:59 - 00000000 ____D () C:\Users\valerie\Documents\Charlie's Book
2015-04-08 16:16 - 2009-08-28 11:41 - 00000000 ____D () C:\Users\valerie\Tracing
2015-04-08 16:15 - 2009-01-19 21:40 - 00000000 ____D () C:\Users\valerie\Desktop\Big Fish
2015-04-08 16:15 - 2008-08-17 22:34 - 00000000 ____D () C:\Users\valerie\Desktop\GAMES
2015-04-08 16:15 - 2007-09-25 20:11 - 00000000 ____D () C:\Windows\Minidump
2015-04-08 16:15 - 2007-06-08 03:00 - 00000000 ____D () C:\Windows\Panther
2015-04-08 16:13 - 2010-04-06 09:05 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-08 16:13 - 2010-04-06 09:05 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 16:27 - 2013-11-04 10:52 - 00002627 _____ () C:\Users\valerie\Desktop\Microsoft Office Word 2007.lnk
2015-04-07 12:49 - 2010-02-05 15:11 - 00000000 ____D () C:\Program Files\TrainzSimulator2009
2015-04-05 10:31 - 2013-03-03 13:38 - 00000000 ____D () C:\Users\valerie\Desktop\Trains for sorting
2015-04-04 22:56 - 2014-08-14 08:58 - 00000000 ____D () C:\Users\valerie\Documents\St.Barnabas Brvment
2015-04-04 22:56 - 2010-09-12 10:03 - 00000000 ____D () C:\Users\valerie\Documents\St Barnabas shop
2015-04-04 13:28 - 2014-12-09 19:30 - 00000000 ____D () C:\Users\valerie\AppData\Roaming\Epson
2015-04-01 21:23 - 2014-12-01 23:12 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 15:24 - 2014-09-11 23:17 - 00000000 ____D () C:\Users\valerie\Desktop\Busses & Lorries for sorting
2015-03-31 15:24 - 2012-01-28 11:16 - 00000000 ____D () C:\Users\valerie\Desktop\Photo sorting
2015-03-29 17:43 - 2013-12-06 16:54 - 00000000 ____D () C:\BigFishCache
2015-03-29 15:05 - 2015-01-15 21:36 - 00001192 _____ () C:\Users\Public\Desktop\More Great Games.lnk
2015-03-29 15:05 - 2011-08-15 10:45 - 00006533 _____ () C:\Windows\wininit.ini
2015-03-29 15:05 - 2007-06-18 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 15:30 - 2010-10-23 23:40 - 00000000 ____D () C:\Users\valerie\Documents\King Arthur stuff
2015-03-12 01:12 - 2008-05-13 20:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 01:10 - 2013-07-20 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 01:03 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2007-09-19 13:02 - 2007-09-19 13:02 - 0774144 _____ (RealNetworks, Inc.) C:\Program Files\RngInterstitial.dll
2010-04-06 20:23 - 2010-04-06 20:23 - 16409960 _____ (Safer Networking Limited ) C:\Program Files\spybotsd162.exe
2007-10-15 19:05 - 2011-05-06 14:51 - 0000680 _____ () C:\Users\valerie\AppData\Local\d3d9caps.dat
2007-08-24 10:29 - 2014-12-02 22:43 - 0051712 _____ () C:\Users\valerie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-09-20 09:24 - 2010-11-27 20:35 - 0000118 _____ () C:\Users\valerie\AppData\Local\DownloadLog.txt
2011-05-21 16:10 - 2011-05-21 16:11 - 0000000 _____ () C:\Users\valerie\AppData\Local\{83FB0A07-5C3A-4242-839C-60C562C72A87}
2013-07-19 10:32 - 2013-07-19 10:32 - 15985837 _____ () C:\ProgramData\SPL51CD.tmp
2012-03-24 11:30 - 2012-03-24 11:30 - 2409340 _____ () C:\ProgramData\SPL5456.tmp
2013-10-20 09:46 - 2013-10-20 09:46 - 0597668 _____ () C:\ProgramData\SPL6315.tmp
2012-05-21 13:12 - 2012-05-21 13:12 - 0514329 _____ () C:\ProgramData\SPL777F.tmp
2012-05-21 12:33 - 2012-05-21 12:33 - 0514329 _____ () C:\ProgramData\SPL7F3E.tmp
2013-10-19 10:36 - 2013-10-19 10:36 - 0597668 _____ () C:\ProgramData\SPLAE87.tmp
2012-03-24 11:04 - 2012-03-24 11:04 - 2409340 _____ () C:\ProgramData\SPLCC55.tmp
2007-10-30 17:14 - 2007-10-30 17:14 - 0474688 _____ () C:\ProgramData\SPLCF13.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 10:14

==================== End Of Log ============================

FRST Addt.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by valerie at 2015-04-11 11:29:11
Running from C:\Users\valerie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Hidden Objects (HKLM\...\BFG-100 Percent Hidden Objects) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.258 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.258 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Alchemy Quest (HKLM\...\BFG-Alchemy Quest) (Version: - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.45 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{7A9FC484-2002-39E6-EF93-990C8A0D6F96}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Bricks of Egypt (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
BT Broadband Talk Softphone 2.0 (HKLM\...\BT Broadband Talk Softphone Frontier_is1) (Version: - BT)
BT Desktop Help (HKLM\...\BT Desktop Help) (Version: - )
BTTotalBroadband220V (HKLM\...\BT Total Broadband 220V) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chuzzle Deluxe 1.01 (HKLM\...\Chuzzle Deluxe 1.01) (Version: - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Printer Software Downloader (HKLM\...\Epson Printer Software Downloader) (Version: - )
Epson Printer Software Downloader (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX210 Series Printer Uninstall (HKLM\...\EPSON SX210 Series) (Version: - SEIKO EPSON Corporation)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fairies (HKLM\...\BFG-Fairies) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
File Signature Verification (HKLM\...\chklogo) (Version: - Microsoft Corporation)
Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}) (Version: 2.8.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{E0783143-EAE2-4047-A8D6-E155523C594C}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM\...\{4286E640-B5FB-11DF-AC4B-005056C00008}) (Version: 5.2.1.1588 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HydraVision (Version: 4.2.152.0 - ATI Technologies Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Jar of Marbles (HKLM\...\BFG-Jar of Marbles) (Version: - )
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Jewel Match 3 (HKLM\...\BFG-Jewel Match 3) (Version: - )
Jewel Quest Heritage (HKLM\...\BFG-Jewel Quest Heritage) (Version: - )
Jigs@w Puzzle 2 (HKLM\...\{E9618350-E3C0-450b-828A-33EB3F5A941A}) (Version: - Tibo Software)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Trains - Trainz Simulator 2009 (HKLM\...\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}) (Version: 1.00.0000 - Just Trains)
Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech)
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (HKLM\...\{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}) (Version: 3.0.133.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Midnight Castle (HKLM\...\BFG-Midnight Castle) (Version: - )
MyFreeCodec (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\MyFreeCodec) (Version: - )
Noah's Ark Deluxe 1.1 (HKLM\...\Noah's Ark Deluxe 1.1) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
Panda ActiveScan 2.0 (HKLM\...\ActiveScan 2.0) (Version: 01.04.00.0000 - Panda Security)
PCI Soft Voice SoftRing Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.0.0 - Conexant Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
RealArcade (HKLM\...\RealArcade 1.2) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5404 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Tesco Easy Record (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.31 - Sonic Solutions)
Tesco Personal Finance 1.0 (HKLM\...\Tesco Personal Finance 1.0) (Version: - Tesco)
Tesco Photobook Creator (HKLM\...\Tesco Photobook Creator_is1) (Version: - )
TotalRecipeSearch Firefox Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
TotalRecipeSearch Internet Explorer Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Trainz Paint Shed (HKLM\...\{6202DCFE-2F03-445C-9885-CB54B062BC0F}) (Version: RC1 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vivitar Experience Image Manager (HKLM\...\Vivitar Experience Image Manager) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Word Web Deluxe (HKLM\...\BFG-Word Web Deluxe) (Version: - )
Yahoo! BrowserPlus 2.9.2 (HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F499-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6F237DF9-9DDB-47AD-B218-400D54C286AD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4741943-6C4B-4CF7-BF44-A0F4207D1330}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4C68457-E642-4354-8E6E-873076FB9FB6}\InprocServer32 -> C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\YBPAddon_2.9.2.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A5DC33CE-214B-4C26-8596-8A45456C9EB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\SYSTEM32\actxprxy.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D7B70EE0-4340-11CF-B063-0020AFC2CD35}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E77CC89B-7401-4C04-8CED-149DB35ADD04}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ED50FC29-B964-48A9-AFB3-15EBB9B97F36}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path

==================== Restore Points =========================

27-03-2015 08:36:48 Scheduled Checkpoint
28-03-2015 08:43:38 Scheduled Checkpoint
28-03-2015 20:46:55 Scheduled Checkpoint
29-03-2015 09:25:27 Windows Update
30-03-2015 17:15:59 Scheduled Checkpoint
31-03-2015 08:23:59 Scheduled Checkpoint
31-03-2015 21:58:02 Scheduled Checkpoint
01-04-2015 16:27:08 Scheduled Checkpoint
02-04-2015 08:41:47 Scheduled Checkpoint
03-04-2015 09:51:58 Windows Update
04-04-2015 11:46:11 Scheduled Checkpoint
05-04-2015 12:52:18 Scheduled Checkpoint
06-04-2015 10:33:38 Scheduled Checkpoint
07-04-2015 07:54:22 Windows Update
08-04-2015 11:09:02 Scheduled Checkpoint
09-04-2015 12:00:48 Scheduled Checkpoint
11-04-2015 09:56:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00028F98-99F8-4772-888E-D0DC1FBEF665} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {00174B35-32E4-44B9-940D-209ED9BACC9E} - System32\Tasks\{73AA2CD6-CAD3-4721-89B5-E3452E6AFAFA} => pcalua.exe -a "C:\Program Files\Tesco Personal Finance\uninstall.exe"
Task: {04A8197C-8FB4-4B06-8CA1-F30F53FC91F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {04F98558-1D21-49F5-98F0-E2CD3B4B3AE0} - System32\Tasks\{BBDD49CB-3815-4BD6-83EE-80159BD9F933} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1C0FBAAA-02E1-4FA0-B68F-A17A2786D8B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {256A0AF9-EB2B-4675-A31E-DA1D00A5FB3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {351B575A-DEC1-4C17-863F-ED487E239FF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-11] (Adobe Systems Incorporated)
Task: {43476512-A033-4A98-9EBA-EB4E8EABBAF8} - System32\Tasks\{59AF0045-13DB-4F00-958F-5FAD84A0C32A} => pcalua.exe -a K:\setup.exe -d K:\
Task: {4B12814A-0278-4AE2-942A-2C2D76FCBB93} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {56A8465F-11BC-4A52-9C59-C6932DB59CEC} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
Task: {67F29650-86CE-4A2D-BC3E-9DB0EACA13CF} - System32\Tasks\{3660E0B3-09A1-4A9A-9284-36C25AA3FE35} => pcalua.exe -a "C:\Program Files\MSN Games\Bricks of Egypt\Uninstall.exe" -c "C:\Program Files\MSN Games\Bricks of Egypt\install.log"
Task: {6D6B60DB-E737-47EC-BB52-BE392745BBEC} - System32\Tasks\{708ED796-EFCC-4AA5-B076-56E5FFECC07D} => pcalua.exe -a "C:\Program Files\PopCap Games\Noah's Ark Deluxe\PopUninstall.exe" -c "C:\Program Files\PopCap Games\Noah's Ark Deluxe\Install.log"
Task: {6EE90EB4-DF32-4B7F-8599-85834E2C9741} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - valerie => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {73562AC1-83E0-465E-AC0D-9A2F9D45EC59} - System32\Tasks\{BF35C40C-9B64-41B7-87AF-DD649973324B} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H803DTMW\BTBroadbandDesktopHelpUpgradeAdvisor[1].exe" -d C:\Users\valerie\Desktop
Task: {7BF1193B-B38C-49F4-A1C9-97C774363A0A} - System32\Tasks\FileCure => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {814AF987-DF13-466A-9BBF-731FA9ED9F19} - System32\Tasks\{3F37112C-66E7-40F1-989D-0B4323D482FB} => pcalua.exe -a "C:\Users\valerie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENJZG3OM\RealArcade-Installer_superjigsawlandscapes_ambient[1].exe" -d C:\Users\valerie\Desktop
Task: {BCE95D7D-5E85-412C-93C2-44B0931DD70A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {CD4A2B41-060F-4B24-8E9C-18BE76B54869} - System32\Tasks\FileCure Startup => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {E8817263-B960-4694-AB18-D90D885080B3} - System32\Tasks\User_Feed_Synchronization-{FD04D118-7ADD-45FF-9BC4-CC3188C3ED40}
Task: {EE03B125-D2BE-45C6-A291-FA1435F5EF9C} - System32\Tasks\Microsoft\Windows\RestartManager\{01F03597-8273-4e5d-9D17-DC769DB71D28} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {F7631F9D-7067-4EB7-A10E-B954351C3BBE} - System32\Tasks\{E47480C0-5F1D-4DB3-9730-5777A95CAED0} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {FD7E32D2-FADB-4899-ADF0-57015DD687FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\FileCure Startup.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\FileCure.job => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-09 18:47 - 2009-03-12 16:45 - 00135168 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-12-09 18:47 - 2008-11-21 14:58 - 00057344 ____N () C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\valerie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^valerie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LXCYCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: lxcymon.exe => "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
MSCONFIG\startupreg: Pareto_Update => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1343853513-471013651-1662923988-500 - Administrator - Disabled)
Guest (S-1-5-21-1343853513-471013651-1662923988-501 - Limited - Enabled)
valerie (S-1-5-21-1343853513-471013651-1662923988-1000 - Administrator - Enabled) => C:\Users\valerie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LB8UQGW8\FBSTATIC-A.AKAMAIHD.NET\RSRC.PHP\V1\YA\R\IHTYLMRZTQK.SWF\FB_VIDEO_PLAYER.SXX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/11/2015 10:29:17 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/11/2015 10:25:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CACHE.BTRLL.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/11/2015 10:25:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CACHE.BTRLL.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/11/2015 10:00:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c48
Start Time: 01d07433bde7c59a
Termination Time: 9453

Error: (04/10/2015 06:42:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16633, time stamp 0x54e8be59, faulting module Flash32_16_0_0_305.ocx, version 16.0.0.305, time stamp 0x54cff11b, exception code 0xc0000005, fault offset 0x00227c4c,
process id 0x18f0, application start time 0xiexplore.exe0.

Error: (04/10/2015 06:06:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/10/2015 06:06:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#FBSTATIC-A.AKAMAIHD.NET\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/10/2015 10:37:41 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\VALERIE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S.YTIMG.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (04/11/2015 09:45:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456

Error: (04/11/2015 09:43:47 AM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

Expiration Reason: %%873

Expiration Date (UTC): ‎11/‎04/‎2015 08:43:46

Error Code: 0x80092003

Error Description: An error occurred while reading or writing to a file.

Error: (04/11/2015 09:43:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: WNMFLT

Error: (04/09/2015 05:21:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456

Error: (04/09/2015 05:20:32 PM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

Expiration Reason: %%873

Expiration Date (UTC): ‎09/‎04/‎2015 16:20:32

Error Code: 0x80092003

Error Description: An error occurred while reading or writing to a file.

Error: (04/09/2015 05:18:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/09/2015 05:17:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: WNMFLT

Error: (04/09/2015 05:17:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:12:21 on 09/04/2015 was unexpected.

Error: (04/09/2015 09:17:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147949456

Error: (04/09/2015 09:17:44 AM) (Source: Microsoft Antimalware) (EventID: 5101) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.

Expiration Reason: %%873

Expiration Date (UTC): ‎09/‎04/‎2015 08:17:44

Error Code: 0x80092003

Error Description: An error occurred while reading or writing to a file.


Microsoft Office Sessions:
=========================
Error: (12/22/2011 10:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/21/2011 01:06:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/12/2011 00:40:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/30/2011 07:09:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/05/2011 00:20:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/01/2011 09:23:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/01/2011 09:21:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/05/2011 00:53:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/26/2010 07:51:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/26/2010 04:49:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-04-11 11:28:32.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-11 11:28:32.233
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-11 11:28:31.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-11 11:28:31.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-13 12:11:54.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-13 12:11:54.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-13 12:10:12.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-01-13 12:10:11.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 11:56:08.334
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 11:56:07.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\pcContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 2037.44 MB
Available physical RAM: 736.63 MB
Total Pagefile: 4318.13 MB
Available Pagefile: 2897.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.29 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:221.69 GB) (Free:109.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.19 GB) (Free:4.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 063912D2)
Partition 1: (Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-04-11 11:32:12
-----------------------------
11:32:12.326 OS Version: Windows 6.0.6002 Service Pack 2
11:32:12.326 Number of processors: 2 586 0x602
11:32:12.342 ComputerName: REPLACEMENTPC UserName: valerie
11:32:14.261 Initialize success
11:32:14.339 VM: initialized successfully
11:32:14.339 VM: Intel CPU supported
11:32:16.537 VM: disk I/O atapi.sys
11:37:57.300 AVAST engine defs: 15041100
11:38:07.830 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:38:07.846 Disk 0 Vendor: SAMSUNG_SP2514N VF100-50 Size: 238474MB BusType: 3
11:38:07.986 Disk 0 MBR read successfully
11:38:07.986 Disk 0 MBR scan
11:38:08.095 Disk 0 unknown MBR code
11:38:08.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227012 MB offset 23470965
11:38:08.126 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11460 MB offset 63
11:38:08.142 Disk 0 scanning sectors +488392065
11:38:08.220 Disk 0 scanning C:\Windows\system32\drivers
11:38:22.666 Service scanning
11:38:50.122 Modules scanning
11:38:50.122 Disk 0 trace - called modules:
11:38:50.153 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys rassstp.sys tcpip.sys NETIO.SYS
11:38:50.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86865620]
11:38:50.184 3 CLASSPNP.SYS[88bac8b3] -> nt!IofCallDriver -> [0x85271c10]
11:38:50.200 5 acpi.sys[832996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8526bb98]
11:38:53.132 AVAST engine scan C:\Windows
11:38:57.937 AVAST engine scan C:\Windows\system32
11:43:39.065 AVAST engine scan C:\Windows\system32\drivers
11:44:00.764 AVAST engine scan C:\Users\valerie
11:53:12.084 File: C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\68ce22e9-59cafc33 **INFECTED** Win32:SmokeLoader-EG [Trj]
12:02:20.939 AVAST engine scan C:\ProgramData
12:18:45.751 Disk 0 statistics 3127898/0/0 @ 0.77 MB/s
12:18:45.751 Scan finished successfully
12:19:07.872 Disk 0 MBR has been saved successfully to "C:\Users\valerie\Desktop\MBR.dat"
12:19:07.888 The log file has been saved successfully to "C:\Users\valerie\Desktop\aswMBR.txt"


Many thanks.

Juliet
2015-04-11, 22:20
I see a lot going on here.

Please go to Add/Remove Programs. If found, remove both of these:
TotalRecipeSearch Firefox Toolbar
TotalRecipeSearch Internet Explorer Toolbar

~~~~~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad and save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files\TotalRecipeSearch_14
HKLM\...\Run: [TotalRecipeSearch Search Scope Monitor] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [44784 2013-10-09] (MindSpark)
HKLM\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2013-10-09]
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {0633EE93-1111-472f-A0FF-E1416B8B2EAA} URL = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Toolbar BHO -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
BHO: Search Assistant BHO -> {df22384f-cf68-4d19-969f-10423715528b} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [2013-10-09] (MindSpark)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
FF Plugin: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll [2013-10-09] (MindSpark)
FF HKLM\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files\TotalRecipeSearch_14\bar\1.bin
FF Extension: TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013-10-09]
R2 TotalRecipeSearch_14Service; C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2013-10-09] (COMPANYVERS_NAME)
TotalRecipeSearch Firefox Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
TotalRecipeSearch Internet Explorer Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F499-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6F237DF9-9DDB-47AD-B218-400D54C286AD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4741943-6C4B-4CF7-BF44-A0F4207D1330}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A5DC33CE-214B-4C26-8596-8A45456C9EB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D7B70EE0-4340-11CF-B063-0020AFC2CD35}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E77CC89B-7401-4C04-8CED-149DB35ADD04}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ED50FC29-B964-48A9-AFB3-15EBB9B97F36}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:0588E665
AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
AlternateDataStreams: C:\ProgramData\TEMP:12EA4DC9
AlternateDataStreams: C:\ProgramData\TEMP:1709732A
AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:436BE28C
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042
AlternateDataStreams: C:\ProgramData\TEMP:4CA05B44
AlternateDataStreams: C:\ProgramData\TEMP:569CEE83
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178
AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9
AlternateDataStreams: C:\ProgramData\TEMP:678C1866
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:8944C195
AlternateDataStreams: C:\ProgramData\TEMP:96C05DC7
AlternateDataStreams: C:\ProgramData\TEMP:9B9B0020
AlternateDataStreams: C:\ProgramData\TEMP:9F683177
AlternateDataStreams: C:\ProgramData\TEMP:ABCD2B94
AlternateDataStreams: C:\ProgramData\TEMP:ACBEBDAA
AlternateDataStreams: C:\ProgramData\TEMP:B88DC997
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F
AlternateDataStreams: C:\ProgramData\TEMP:D03C22B4
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55
AlternateDataStreams: C:\ProgramData\TEMP:EC925502
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC
AlternateDataStreams: C:\ProgramData\TEMP:F5E90ED3
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\68ce22e9-59cafc33
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~~~~
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

sunshine&flowerpots
2015-04-12, 18:37
Hi,

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by valerie at 2015-04-12 11:29:22 Run:1
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available profiles: valerie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe
C:\Program Files\TotalRecipeSearch_14
HKLM\...\Run: [TotalRecipeSearch Search Scope Monitor] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe [44784 2013-10-09] (MindSpark)
HKLM\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader] => C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe [30096 2013-10-09]
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
URLSearchHook: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 - (No Name) - {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {0633EE93-1111-472f-A0FF-E1416B8B2EAA} URL = http://www.pucuy.com/google?q={searchTerms}&sa=Search&cx=partner-pub-3546861938806019:fn51rv5o9ne&cof=FORID%3A10&ie=UTF-8&hl=en
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2452474
SearchScopes: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Toolbar BHO -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
BHO: Search Assistant BHO -> {df22384f-cf68-4d19-969f-10423715528b} -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll [2013-10-09] (MindSpark)
BHO: No Name -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> No File
Toolbar: HKLM - TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll [2013-10-09] (MindSpark)
Toolbar: HKU\S-1-5-21-1343853513-471013651-1662923988-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
FF Plugin: @TotalRecipeSearch_14.com/Plugin -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll [2013-10-09] (MindSpark)
FF HKLM\...\Firefox\Extensions: [14ffxtbr@TotalRecipeSearch_14.com] - C:\Program Files\TotalRecipeSearch_14\bar\1.bin
FF Extension: TotalRecipeSearch - C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013-10-09]
R2 TotalRecipeSearch_14Service; C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe [42504 2013-10-09] (COMPANYVERS_NAME)
TotalRecipeSearch Firefox Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
TotalRecipeSearch Internet Explorer Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F499-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6F237DF9-9DDB-47AD-B218-400D54C286AD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\InprocServer32 -> C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A4741943-6C4B-4CF7-BF44-A0F4207D1330}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A5DC33CE-214B-4C26-8596-8A45456C9EB8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ADC6CB82-424C-11D2-952A-00C04FA34F05}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{D7B70EE0-4340-11CF-B063-0020AFC2CD35}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E77CC89B-7401-4C04-8CED-149DB35ADD04}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{ED50FC29-B964-48A9-AFB3-15EBB9B97F36}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:0588E665
AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
AlternateDataStreams: C:\ProgramData\TEMP:12EA4DC9
AlternateDataStreams: C:\ProgramData\TEMP:1709732A
AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:436BE28C
AlternateDataStreams: C:\ProgramData\TEMP:4A93D042
AlternateDataStreams: C:\ProgramData\TEMP:4CA05B44
AlternateDataStreams: C:\ProgramData\TEMP:569CEE83
AlternateDataStreams: C:\ProgramData\TEMP:571CCF8E
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178
AlternateDataStreams: C:\ProgramData\TEMP:5E209A50
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9
AlternateDataStreams: C:\ProgramData\TEMP:678C1866
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
AlternateDataStreams: C:\ProgramData\TEMP:7B52659E
AlternateDataStreams: C:\ProgramData\TEMP:8944C195
AlternateDataStreams: C:\ProgramData\TEMP:96C05DC7
AlternateDataStreams: C:\ProgramData\TEMP:9B9B0020
AlternateDataStreams: C:\ProgramData\TEMP:9F683177
AlternateDataStreams: C:\ProgramData\TEMP:ABCD2B94
AlternateDataStreams: C:\ProgramData\TEMP:ACBEBDAA
AlternateDataStreams: C:\ProgramData\TEMP:B88DC997
AlternateDataStreams: C:\ProgramData\TEMP:BC8E9899
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F
AlternateDataStreams: C:\ProgramData\TEMP:D03C22B4
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:E1D06077
AlternateDataStreams: C:\ProgramData\TEMP:EB68CA55
AlternateDataStreams: C:\ProgramData\TEMP:EC925502
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC
AlternateDataStreams: C:\ProgramData\TEMP:F5E90ED3
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\68ce22e9-59cafc33
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe => Moved successfully.
C:\Program Files\TotalRecipeSearch_14 => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch_14 Browser Plugin Loader => Value not found.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => value deleted successfully.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2EAA}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-1111-472f-A0FF-E1416B8B2EAA} => Key not found.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}" => Key deleted successfully.
HKCR\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870} => Key not found.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b} => Key not found.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}" => Key deleted successfully.
HKCR\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} => Value not found.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} => Key not found.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin => Key not found.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com => Value not found.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin => not found.
TotalRecipeSearch_14Service => Service not found.
TotalRecipeSearch Firefox Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION => Error: No automatic fix found for this entry.
TotalRecipeSearch Internet Explorer Toolbar (HKLM\...\TotalRecipeSearch_14bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{00021401-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0C7EFBDE-0303-4C6F-A4F7-31FA2BE5E397}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{0E890F83-5F79-11D1-9043-00C04FD9189D}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{10E2414A-EC59-49D2-BC51-5ADD2C36FEBC}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{16D51579-A30B-4C8B-A276-0FF4DC41E755}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F391-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F499-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4CF-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F4F5-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3050F67D-98B5-11CF-BB82-00AA00BDCE0B}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{30C3B080-30FB-11D0-B724-00AA006C1A01}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{385A91BC-1E8A-4E4A-A7A6-F4FC1E6CA1BD}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4CB26C03-FF93-11D0-817E-0000F87557DB}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{4FD2A832-86C8-11D0-8FCA-00C04FD9189D}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{527C9A9B-B9A2-44B0-84F9-F0DC11C2BCFB}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{555278E2-05DB-11D1-883A-3C8B00C10000}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6A01FDA0-30DF-11D0-B724-00AA006C1A01}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{6F237DF9-9DDB-47AD-B218-400D54C286AD}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{7057E952-BD1B-11D1-8919-00C04FC2C836}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{81397204-F51A-4571-8D7B-DC030521AABD}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}" => Key deleted successfully.
"HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}" => Key deleted successfully.
HKU\S-1-5-21-1343853513-471013651-1662923988-1000_Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} => Key not found.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\68ce22e9-59cafc33 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 762.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:27:48 ====

AdwCleaner log:

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 16:09:15
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : valerie - REPLACEMENTPC
# Running from : C:\Users\valerie\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Users\valerie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\valerie\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\valerie\AppData\Roaming\iWin
Folder Deleted : C:\Users\valerie\AppData\Roaming\registry mechanic

***** [ Scheduled tasks ] *****

Task Deleted : filecure startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Google Chrome v41.0.2272.118

[C:\Users\valerie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5459 bytes] - [12/04/2015 16:03:29]
AdwCleaner[S0].txt - [5459 bytes] - [12/04/2015 16:09:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5518 bytes] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by valerie on 12/04/2015 at 16:29:32.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}



~~~ Files

Successfully deleted: [Task] FileCure.job
Successfully deleted: [Task] FileCure
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Users\valerie\AppData\Roaming\regwork"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\regwork"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/04/2015 at 16:31:49.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-04-13, 00:10
Please download Malwarebytes Anti-Malware (http://downloads.malwarebytes.org/file/mbam) and save it to your desktop.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


After running the above scan let me know how the computer is now.

sunshine&flowerpots
2015-04-13, 11:54
Hi,

I have mbam on the computer but I can't open it -

On start up error msg:- Runtime Error Invalid call or argument. Then says to uninstall, reboot computer, then install. When I try to uninstall I get Runtime Error (at-1:0) Cannot import dll:c\Program Files\mam\mbam.dll

sunshine&flowerpots
2015-04-13, 11:57
I forgot to mention earlier that there are also problems with Java - keep getting updates but when I try to update it says to remove infected files, then nothing happens.

Juliet
2015-04-13, 12:48
What I think we need to do is, run the MBAM removal tool, then re-download.
The computer's antivirus is probably interfering as well.

You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)

Please see the following: MBAM Clean Removal Process 2x (https://forums.malwarebytes.org/index.php?showtopic=146017)
When reinstalling the program please try the latest version (http://www.malwarebytes.org/mwb-download/) and save it to your desktop.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd



~~~~~~~~~~~~~~~~

At this time please ignore the Java pop ups or we can uninstall it, then download the most current version.

sunshine&flowerpots
2015-04-15, 01:23
Hi here is the mbam log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/04/2015
Scan Time: 22:34:41
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.14.06
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: valerie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301531
Time Elapsed: 10 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
The pages are opening quicker.
Only issue: Adobe keeps wanting to allow access. Every time I accept, it keeps coming up.

Juliet
2015-04-15, 12:57
Looking good.


Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here (http://www.foxitsoftware.com/pdf/reader/addons.php). It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.



- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.169 when available...

For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_plugin.exe

Flash test site: http://www.adobe.com/software/flash/about/

~~~~~~~~~~~~~~~~~~~~~


What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply.
Close the ESET online scan, and let me know how things are now.

sunshine&flowerpots
2015-04-17, 00:54
Hi,

I'm replying from my computer as my dad's keeps hanging when trying to upload message to Spybot. He managed to copy & paste report into email & forward it to me.

Uninstalled Adobe Reader.

Updated Adobe Flash Player - but prompts asking to allow program still keep appearing even if he selects "do not show me this message", when opening web pages - i.e. BT Open world home page, Hotmail - these are the only two he's used for now.

Exported log file, but was unable to attach it as comp kept hanging (left it for an hour and nothing happened except blank screen).

Here's the ESET log:

Eset log

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe.xBAD Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14bar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14brstub.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application

C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application

C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\valerie\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2522d6cb-51727cbf Java/Agent.DU trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7 a variant of Java/Exploit.CVE-2011-3544.AO trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\67b8e50d-318f1afd Java/Exploit.CVE-2011-3544.AW trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\34da9697-55ad39d9 a variant of Java/Exploit.CVE-2011-3544.AW trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691 Java/Exploit.CVE-2012-0507.BN trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5 multiple threats

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-4fd1fa2f Java/Exploit.CVE-2012-0507.BR trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6f0aa3aa-59e28241 Java/Exploit.Agent.NCI trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\511c2e2f-28e933c2 Java/Exploit.Agent.NAW trojan

C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\209caf7f-3e8471b1 multiple threats

Many thanks.
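
The ESET export above mixes files that FRST had already moved to C:\FRST\Quarantine with files still in place, and several detection names carry a CVE id. The following is an added example, not part of the original thread or of ESET's or FRST's tooling: a small parser that separates the two groups and collects the CVE ids. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path name variant category")

# Folder FRST moves files into, as it appears in the log above (compared lower-case).
FRST_QUARANTINE = "c:\\frst\\quarantine\\"

# <path> [a variant of ]<Platform/Name> <category>   or   <path> multiple threats
# The path may contain spaces, so it is matched lazily and the tail anchors the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<variant>a variant of )?(?P<name>\S+/\S+)\s+"
    r"(?P<category>potentially unwanted application|"
    r"potentially unsafe application|trojan)"
    r"|(?P<multi>multiple threats))\s*$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Sample input: lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
Eset log
C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe.xBAD Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14bar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7 a variant of Java/Exploit.CVE-2011-3544.AO trojan
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691 Java/Exploit.CVE-2012-0507.BN trojan
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5 multiple threats
"""


def parse_eset_line(line):
    """Return a Detection for one log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("multi"):
        # "multiple threats" lines carry no detection name.
        return Detection(m.group("path"), None, False, "multiple threats")
    return Detection(m.group("path"), m.group("name"),
                     bool(m.group("variant")), m.group("category"))


def triage(log_text):
    """Split detections into already-quarantined and still-live, and collect CVE ids."""
    report = {"quarantined": [], "live": [], "unparsed": [], "cves": set()}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_eset_line(raw)
        if det is None:
            report["unparsed"].append(raw.strip())
            continue
        in_quarantine = det.path.lower().startswith(FRST_QUARANTINE)
        report["quarantined" if in_quarantine else "live"].append(det)
        if det.name:
            report["cves"].update(CVE_RE.findall(det.name))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Already in FRST quarantine:", len(result["quarantined"]))
    print("Still in place:")
    for det in result["live"]:
        print("  ", det.path, "|", det.name or det.category)
    print("CVE ids named in detections:", sorted(result["cves"]))
```

The "still in place" group is the set of paths that needs a decision; anything under C:\FRST\Quarantine is only being re-reported by the scanner.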

Juliet
2015-04-17, 01:19
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe
C:\Users\valerie\AppData\Local\Temp\APNSetup.exe
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2522d6cb-51727cbf
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\67b8e50d-318f1afd
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\34da9697-55ad39d9
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-4fd1fa2f
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6f0aa3aa-59e28241
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\511c2e2f-28e933c2
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\209caf7f-3e8471b1
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~

I want you to go to add/remove programs list and uninstall Java.
After that's done please go here and download the most current version
https://java.com/en/download/

It might ask you to run a java run file which is expected. Then it might ask you to confirm your version.

~~~~~~~~~~~~~~

Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


~~~~~~~~~~~~~~
Please post
Fixlog.txt
HJT log

Don't be worried over not attaching, copy and paste to the topic is preferred.

sunshine&flowerpots
2015-04-17, 13:49
Hi
here is the fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by valerie at 2015-04-17 10:56:13 Run:2
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available profiles: valerie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe
C:\Users\valerie\AppData\Local\Temp\APNSetup.exe
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2522d6cb-51727cbf
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\67b8e50d-318f1afd
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\34da9697-55ad39d9
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-4fd1fa2f
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6f0aa3aa-59e28241
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\511c2e2f-28e933c2
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\209caf7f-3e8471b1
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe => Moved successfully.
"C:\Users\valerie\AppData\Local\Temp\APNSetup.exe" => File/Directory not found.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\2522d6cb-51727cbf => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5adc8ecb-68fd50c7 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\67b8e50d-318f1afd => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\34da9697-55ad39d9 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5b9b465b-349f0691 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\51a00022-647d41c5 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\58dc5268-4fd1fa2f => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\6f0aa3aa-59e28241 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\511c2e2f-28e933c2 => Moved successfully.
C:\Users\valerie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\209caf7f-3e8471b1 => Moved successfully.
EmptyTemp: => Removed 34.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:57:46 ====

Juliet
2015-04-17, 13:58
Were you able to run HJT?

Did you uninstall then reinstall Java?

sunshine&flowerpots
2015-04-17, 23:56
hi
uninstalled & installed java. all ok. still got problems with flash player asking to run.
here's hjt log
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:48:17, on 17/04/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16636)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\valerie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80150
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: BT Help Wizard - Alcatel-Lucent - C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
O23 - Service: Google Update Service (gupdate1c95fd8b90ceb00) (gupdate1c95fd8b90ceb00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8848 bytes

Juliet
2015-04-18, 00:48
I want you to go to add/remove programs list and uninstall
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)


Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80150
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80150
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O3 - Toolbar: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from startup will help with system resources.


O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\Users\valerie\AppData\Local\Temp\E_S59C8.tmp" /EF "HKCU"


*****
Reboot the computer to set the registry.



~~~~~~~~~~~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CreateRestorePoint:
CloseProcesses:
Task: {211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {351B575A-DEC1-4C17-863F-ED487E239FF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-11] (Adobe Systems Incorporated)
Task: {56A8465F-11BC-4A52-9C59-C6932DB59CEC} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
Task: {7BF1193B-B38C-49F4-A1C9-97C774363A0A} - System32\Tasks\FileCure => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {CD4A2B41-060F-4B24-8E9C-18BE76B54869} - System32\Tasks\FileCure Startup => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater
C:\Program Files\AskPartnerNetwork
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~

Adobe Flash Player please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or if you have the latest close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

Please post
Fixlog.txt

Also tell me what the computer is doing now.

sunshine&flowerpots
2015-04-18, 02:16
Hi
uninstalled adobe flash player.
here is hjt fixlist and log.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by valerie at 2015-04-17 23:59:45 Run:3
Running from C:\Users\valerie\Desktop
Loaded Profiles: valerie (Available profiles: valerie)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {351B575A-DEC1-4C17-863F-ED487E239FF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-11] (Adobe Systems Incorporated)
Task: {56A8465F-11BC-4A52-9C59-C6932DB59CEC} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
Task: {7BF1193B-B38C-49F4-A1C9-97C774363A0A} - System32\Tasks\FileCure => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: {CD4A2B41-060F-4B24-8E9C-18BE76B54869} - System32\Tasks\FileCure Startup => C:\Program Files\ParetoLogic\FileCure\FileCure.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater
C:\Program Files\AskPartnerNetwork
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{211BF276-F39D-4FB3-9EA0-FFD4B93B7A0F}" => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Registration => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Registration" => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{351B575A-DEC1-4C17-863F-ED487E239FF5} => Key not found.
C:\Windows\System32\Tasks\Adobe Flash Player Updater not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56A8465F-11BC-4A52-9C59-C6932DB59CEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56A8465F-11BC-4A52-9C59-C6932DB59CEC}" => Key deleted successfully.
C:\Windows\System32\Tasks\ParetoLogic Update Version2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ParetoLogic Update Version2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BF1193B-B38C-49F4-A1C9-97C774363A0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BF1193B-B38C-49F4-A1C9-97C774363A0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\FileCure not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FileCure" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4A2B41-060F-4B24-8E9C-18BE76B54869} => Key not found.
C:\Windows\System32\Tasks\FileCure Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FileCure Startup => Key not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
"C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" => File/Directory not found.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater => Moved successfully.

"C:\Program Files\AskPartnerNetwork" directory move:

Could not move "C:\Program Files\AskPartnerNetwork" directory. => Scheduled to move on reboot.

Could not move "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 67.8 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-18 00:03:36)<=

C:\Program Files\AskPartnerNetwork => Moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe => Is moved successfully.

==== End of Fixlog 00:04:28 ====

Juliet
2015-04-18, 03:43
How is the computer now?

sunshine&flowerpots
2015-04-19, 11:48
Hi
Computer is working fine now thank you.

Juliet
2015-04-19, 13:54
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2015-04-22, 13:04
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.