Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Adobe flash player, redirect virus?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Adobe flash player, redirect virus?

Unread postby bullydogg » September 26th, 2014, 10:49 am

I am constantly getting the message to download the most current version of AFP on any website that a animation needs to be played. The pages where this is displayed usually is half blank except with the suggestion of downloading/installing AFP. On my computer I am using Windows 7 Ultimate and running IE 11. I do no gaming, just common internet stuff, e-mail, surfing the web.

Below is the two files you requested the DDS.txt and attach.txt.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2012 5:21:34 PM
System Uptime: 9/25/2014 4:41:48 PM (4 hours ago)
.
Motherboard: ASRock | | N68-VS3 UCC
Processor: AMD Sempron(tm) 145 Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 119.656 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP371: 9/9/2014 4:44:58 PM - Removed iTunes
RP372: 9/9/2014 6:11:54 PM - Installed iTunes
RP373: 9/9/2014 8:41:45 PM - Removed iTunes
RP374: 9/9/2014 8:44:15 PM - Removed Apple Software Update
RP375: 9/9/2014 8:45:07 PM - Removed Apple Mobile Device Support
RP376: 9/9/2014 8:45:56 PM - Removed Bonjour
RP377: 9/9/2014 8:46:29 PM - Removed Apple Application Support
RP378: 9/10/2014 8:41:29 AM - Installed iTunes
RP379: 9/10/2014 8:58:55 AM - Windows Update
RP380: 9/10/2014 10:50:40 AM - Windows Update
RP381: 9/16/2014 8:52:56 AM - Windows Update
RP382: 9/19/2014 1:24:52 PM - Windows Update
RP384: 9/21/2014 7:21:57 PM - Windows Live Essentials
RP385: 9/23/2014 7:05:49 PM - Windows Update
RP386: 9/23/2014 11:03:51 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Packages
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.09)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
D3DX10
eReg
Google Chrome
Google Update Helper
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Support Solutions Framework
HP Update
iTunes
Java 7 Update 67
Java Auto Updater
Junk Mail filter update
Logitech SetPoint 6.51
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MotoHelper MergeModules
Mozilla Maintenance Service
Mozilla Thunderbird 31.1.1 (x86 en-GB)
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Panda Devices Agent
Panda Free Antivirus
Panda Security Toolbar
Panda Security URL Filtering
Photo Common
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
swMSM
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/25/2014 8:47:59 AM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
9/25/2014 8:45:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
9/25/2014 8:45:56 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/25/2014 6:53:30 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
9/25/2014 6:53:30 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
9/25/2014 6:53:30 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Sigman at 20:04:51 on 2014-09-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1791.871 [GMT -5:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Auslogics Software Antivirus *Disabled/Updated* {9D597EDF-9709-7A6C-033B-62DAA438FEB2}
SP: Auslogics Software Antispyware *Disabled/Updated* {26389F3B-B133-75E2-398B-59A8DFBFB40F}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uProxyOverride = 192.168.*.*;*.local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
mRun: [PSUAMain] "c:\program files\panda security\panda security protection\PSUAMain.exe" /LaunchSysTray
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3D937AC6-47D1-461A-9919-2909B2B5F9DF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3D937AC6-47D1-461A-9919-2909B2B5F9DF}\14454543932343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3D937AC6-47D1-461A-9919-2909B2B5F9DF}\379676D657E646 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{523DA5FF-2CF5-427A-858D-0CC356A1CCE9} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8DF72D4C-F4DC-49FA-9754-77F0E01DFF59} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A9C34619-CA64-4153-B2EC-6763A2FA4C6E} : DHCPNameServer = 24.159.64.23 24.178.162.3 71.9.127.107
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-10-7 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-10-7 175176]
R1 NNSALPC;NNSALPC;c:\windows\system32\drivers\NNSAlpc.sys [2014-6-4 88992]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\drivers\NNSHttp.sys [2014-6-18 166816]
R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\drivers\NNSHttps.sys [2014-6-4 110624]
R1 NNSIDS;NNSIDS;c:\windows\system32\drivers\NNSIds.sys [2014-6-4 125216]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2014-1-16 40192]
R1 NNSPICC;NNSPICC;c:\windows\system32\drivers\NNSpicc.sys [2014-6-4 96160]
R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\drivers\NNSPihsw.sys [2014-6-4 61984]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\drivers\NNSPop3.sys [2014-6-4 121888]
R1 NNSPROT;NNSPROT;c:\windows\system32\drivers\NNSProt.sys [2014-6-4 288032]
R1 NNSPRV;NNSPRV;c:\windows\system32\drivers\NNSPrv.sys [2014-6-4 208800]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\drivers\NNSSmtp.sys [2014-6-4 109856]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\drivers\NNSStrm.sys [2014-6-4 244000]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\drivers\NNStlsc.sys [2014-6-4 96928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2014-7-24 166432]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 NanoServiceMain;Panda Free Antivirus Service;c:\program files\panda security\panda security protection\PSANHost.exe [2014-7-24 141560]
R2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service;c:\programdata\panda security url filtering\panda_url_filteringb.exe -- --> c:\programdata\panda security url filtering\Panda_URL_Filteringb.exe -- [?]
R2 PandaAgent;Panda Devices Agent;c:\program files\panda security\panda devices agent\AgentSvc.exe [2014-7-23 61688]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2014-7-24 137760]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2014-7-24 103456]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2014-7-24 112160]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2014-7-24 122912]
R2 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2014-7-24 98336]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda security protection\PSUAService.exe [2014-7-24 38136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [2012-1-27 16690]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]
R3 panda_url_filteringd;panda_url_filteringd driver;c:\programdata\panda security url filtering\Panda_URL_Filteringd.sys [2014-2-18 40024]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-1-26 1617408]
R3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\drivers\VWan2K.sys [2012-1-27 29228]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2012-1-26 1656960]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-12-20 66832]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-8-31 49856]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-10 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-28 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-7-21 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-26 1343400]
.
=============== Created Last 30 ================
.
2014-09-25 13:45:56 48736 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-09-24 00:05:55 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-19 01:36:20 -------- d-----w- c:\users\sigman\appdata\roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2014-09-12 09:43:10 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-09-10 16:03:00 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 14:19:15 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 14:19:15 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 14:12:45 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 14:12:43 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 14:12:39 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 14:12:37 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 13:42:37 -------- d-----w- c:\program files\iPod
2014-09-10 13:42:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 13:42:31 -------- d-----w- c:\program files\iTunes
2014-09-10 13:40:50 -------- d-----w- c:\program files\Bonjour
2014-09-09 23:36:37 -------- d-----w- c:\programdata\panda_url_filtering
2014-09-09 23:36:35 -------- d-----w- c:\programdata\Panda Security URL Filtering
2014-09-09 23:36:05 -------- d-----w- c:\program files\Toolbar Cleaner
2014-09-09 23:35:50 -------- d-----w- c:\program files\pandasecuritytb
2014-09-09 23:35:44 -------- d-----w- c:\users\sigman\appdata\roaming\Panda Security
2014-09-09 23:35:03 -------- d-----w- c:\program files\Panda Security
2014-09-09 21:48:21 98540 ----a-w- c:\programdata\1410299273.bdinstall.bin
2014-09-09 21:47:53 36433 ----a-w- c:\programdata\1410299270.bdinstall.bin
2014-09-06 00:39:43 -------- d-----w- c:\program files\Motive
2014-09-05 22:56:13 -------- d-----w- c:\programdata\BoostSoftware
2014-09-01 03:49:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-09-01 03:20:50 49856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-09-01 03:18:51 -------- d-----w- c:\users\sigman\appdata\roaming\Search Protection
2014-08-31 20:06:09 -------- d-----w- c:\users\sigman\appdata\local\{955AC618-A678-425F-933D-4FF024DDE064}
2014-08-31 17:29:42 23256 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2014-08-31 17:29:08 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-08-31 17:29:08 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-08-31 17:29:08 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-08-31 17:29:08 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-08-31 17:28:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-08-31 17:28:25 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-08-31 17:28:05 -------- d-----r- c:\users\sigman\OneDrive
2014-08-31 17:28:04 -------- d-----w- c:\program files\Microsoft OneDrive
2014-08-31 17:27:37 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-08-29 19:19:14 -------- d-----w- c:\users\sigman\appdata\local\Adobe
2014-08-28 13:48:59 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 13:48:59 2352640 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2014-09-24 20:34:09 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 01:36:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 01:36:39 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-15 14:06:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-08-13 21:21:24 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-08-10 23:10:14 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-28 19:52:00 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 19:52:00 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-07-25 07:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 18:24:07 98336 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2014-07-24 18:24:07 122912 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2014-07-24 18:24:06 166432 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2014-07-24 18:24:06 112160 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2014-07-24 18:23:41 137760 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2014-07-24 18:23:41 103456 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-07 15:56:43 324577 ----a-w- c:\programdata\1404741813.bdinstall.bin
2014-06-30 22:14:53 8856 ----a-w- c:\windows\system32\icardres.dll
.
============= FINISH: 20:05:35.44 ===============

I hope this is correct

Sig.
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm
Advertisement
Register to Remove

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 28th, 2014, 7:05 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection.
  • Now click on Create.
  • Give the new restore point a name like "Start Fix", then click Create again.
  • Now click OK.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Quick question, are you aware of this Proxy, did you set it yourself?
uProxyOverride = 192.168.*.*;*.local

Let me know in your next reply.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Proxy, did you set it?
  • AdwCleaner
  • FRST.txt and Addition.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 28th, 2014, 10:23 am

Hello Cypher,

Thank you for volunteering to help me clean up my computer issues.
ok, the UproxyOverRide I did not know it existed nor did I set it up.

Cypher I think I have all the scan logs that you requested.
If I missed one please let me know which one and I will definitely rerun it and post it as soon as I read the reply from you. Here are the scans: Adware and FRST.

# AdwCleaner v3.310 - Report created 28/09/2014 at 09:04:01
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Sigman - SIGMUND-PC
# Running from : C:\Users\Sigman\Downloads\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\SpeedMaxPc
Folder Deleted : C:\Users\Sigman\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sigman\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Sigman\AppData\Local\iWin
Folder Deleted : C:\Users\Sigman\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Sigman\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sigman\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Sigman\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Sigman\AppData\LocalLow\iac
Folder Deleted : C:\Users\Sigman\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Sigman\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Sigman\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Sigman\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Sigman\AppData\Roaming\SpeedMaxPc
File Deleted : C:\Users\Sigman\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Sigman\AppData\LocalLow\SkwConfig.bin

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309761
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-office-word-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-office-word-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Vittalia
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm343^YYA^us&si=TFRR500081038_39382075&ptb=B3AA4513-F1FC-4CCD-B8FE-FEDA8F5ADAF6&ind=2014051119&n=780bfb2f&psa=&st=sb&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://websearch.shopathome.com/?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
Deleted [Search Provider] : hxxp://www.mystart.com/results.php?pr=v ... ch_4792&q={searchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=

*************************

AdwCleaner[R0].txt - [7458 octets] - [28/09/2014 08:38:59]
AdwCleaner[R1].txt - [7518 octets] - [28/09/2014 09:02:40]
AdwCleaner[S0].txt - [7615 octets] - [28/09/2014 09:04:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7675 octets] ##########
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014
Ran by Sigman at 2014-09-28 08:48:08
Running from C:\Users\Sigman\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Auslogics Software Antivirus (Disabled - Up to date) {9D597EDF-9709-7A6C-033B-62DAA438FEB2}
AS: Auslogics Software Antispyware (Disabled - Up to date) {26389F3B-B133-75E2-398B-59A8DFBFB40F}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Packages (HKCU\...\Adobe Flash Packages) (Version: - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 en-GB)) (Version: 31.1.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.03 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.0.10 - Panda Security)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.1.4 - Panda Security)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.6 - Reimage)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.0 - Tweaking.com)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2125914593-2673472216-1242065460-1003_Classes\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}\InprocServer32 -> C:\Program Files\RadioRage_4j\bar\1.bin\4jSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-2125914593-2673472216-1242065460-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\UpdatusUser\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx No File

==================== Restore Points =========================

10-09-2014 13:41:29 Installed iTunes
10-09-2014 13:58:55 Windows Update
10-09-2014 15:50:40 Windows Update
16-09-2014 13:52:56 Windows Update
19-09-2014 18:24:52 Windows Update
22-09-2014 00:21:57 Windows Live Essentials
24-09-2014 00:05:49 Windows Update
24-09-2014 04:03:51 Windows Update
28-09-2014 13:10:12 start fix
28-09-2014 13:11:41 START FIX
28-09-2014 13:12:34 START FIX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {151CB4BF-13A1-40E8-AB3D-0E20AFED16D7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {185FFADF-52F3-4FA7-B111-4FDFE5B40C53} - System32\Tasks\ReclaimerUpdateXML_Sigman => C:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-22] (RealNetworks, Inc.)
Task: {401CD7B8-9433-417B-A2DE-F41A59C9C7AD} - System32\Tasks\Health-Check-auto => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {547EA0DE-7A36-4525-8DB4-2D643C3D3380} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2125914593-2673472216-1242065460-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {63441B9A-6C6A-4F62-A875-FC79E12C7ADB} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {6469AD8D-EF3B-4902-B85D-1CB240E81B58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-18] (Adobe Systems Incorporated)
Task: {6689B89F-C730-4238-8AE7-DF6825C7FE07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6912850F-DC6D-4D2E-95D3-54C67DA8560D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8e9022b8aa3e => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {696616C3-C4AC-4BB8-9A37-A3CD9D181CA8} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {7B441475-7671-4E5C-A2D5-ACCA4CD8CA9A} - System32\Tasks\McAfee Cleanup => C:\Users\Sigman\AppData\Local\Temp\MCPR\mccleanup.exe <==== ATTENTION
Task: {8B0F24AB-B998-4189-A4DE-8E02E3D8F4E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {94671470-EEF7-47F5-8369-FC10301609E4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2125914593-2673472216-1242065460-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9A25149C-8BE1-4E38-A907-B3CC4A47838A} - System32\Tasks\ReclaimerResumeInstall_Sigman => C:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-22] (RealNetworks, Inc.)
Task: {A153F532-5621-4464-BDBB-250A2CB3FF07} - System32\Tasks\Health-Check-deep => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {A25060BB-A189-44C8-BF33-8D33433DE827} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2125914593-2673472216-1242065460-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BDAA5D78-D94A-4066-9DDA-E342D1F7680E} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {BE855666-11CF-48DE-9BB1-EFEF50F377F3} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe
Task: {C50E65F6-EA7F-4E32-90F4-365E5F015538} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2125914593-2673472216-1242065460-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DCA38D3E-30A0-40DF-9196-E3E8433BF80E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2125914593-2673472216-1242065460-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EC5D5735-7061-4154-AD07-D083DFEED049} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F18ABBB5-5D14-4CEF-847B-E110E0ECBF3F} - System32\Tasks\Health-Check => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: {F8CE58F2-1988-457E-B301-FCE6AE282358} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28] (Reimage®)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e9022b8aa3e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McAfee Cleanup.job => C:\Users\Sigman\AppData\Local\Temp\MCPR\mccleanup.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Sigman.job => C:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-04-13 00:44 - 2013-01-31 04:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-2125914593-2673472216-1242065460-500 - Administrator - Disabled)
Guest (S-1-5-21-2125914593-2673472216-1242065460-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2125914593-2673472216-1242065460-1002 - Limited - Enabled)
Sigman (S-1-5-21-2125914593-2673472216-1242065460-1000 - Administrator - Enabled) => C:\Users\Sigman
UpdatusUser (S-1-5-21-2125914593-2673472216-1242065460-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/27/2014 10:04:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Faulting module name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Exception code: 0xc0000005
Fault offset: 0x0000a180
Faulting process id: 0xa28
Faulting application start time: 0xrnupgagent.exe0
Faulting application path: rnupgagent.exe1
Faulting module path: rnupgagent.exe2
Report Id: rnupgagent.exe3

Error: (09/27/2014 10:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Faulting module name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Exception code: 0xc0000005
Fault offset: 0x0000a180
Faulting process id: 0x1634
Faulting application start time: 0xrnupgagent.exe0
Faulting application path: rnupgagent.exe1
Faulting module path: rnupgagent.exe2
Report Id: rnupgagent.exe3

Error: (09/27/2014 03:21:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2014 03:20:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/27/2014 03:19:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/26/2014 10:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Faulting module name: rnupgagent.exe, version: 10.6.0.33, time stamp: 0x5397570f
Exception code: 0xc0000005
Fault offset: 0x0000a180
Faulting process id: 0x15bc
Faulting application start time: 0xrnupgagent.exe0
Faulting application path: rnupgagent.exe1
Faulting module path: rnupgagent.exe2
Report Id: rnupgagent.exe3

Error: (09/26/2014 01:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5163438

Error: (09/26/2014 01:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5163438

Error: (09/26/2014 01:45:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 00:19:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4297


System errors:
=============
Error: (09/28/2014 08:04:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (09/28/2014 08:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/28/2014 08:03:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/28/2014 08:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/28/2014 08:03:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/28/2014 08:03:02 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (09/28/2014 08:03:02 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (09/28/2014 08:02:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (09/28/2014 08:02:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (09/28/2014 08:02:47 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (09/27/2014 10:04:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rnupgagent.exe10.6.0.335397570frnupgagent.exe10.6.0.335397570fc00000050000a180a2801cfdac8d9fb75f0C:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exeC:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe1e65b5e1-46bc-11e4-8b59-002522f1a16c

Error: (09/27/2014 10:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rnupgagent.exe10.6.0.335397570frnupgagent.exe10.6.0.335397570fc00000050000a180163401cfdac8d9fb75f0C:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exeC:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe19b0cd75-46bc-11e4-8b59-002522f1a16c

Error: (09/27/2014 03:21:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (09/27/2014 03:20:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\common files\Logishrd\sp6_uninstall\tools\64\AddBrowsers.exe

Error: (09/27/2014 03:19:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1050 J410 series\DriverStore\Pipeline\amd64\hpinkins8911.exe

Error: (09/26/2014 10:04:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rnupgagent.exe10.6.0.335397570frnupgagent.exe10.6.0.335397570fc00000050000a18015bc01cfd9ffaf9c8a0fC:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exeC:\Users\Sigman\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exeef573edf-45f2-11e4-9db6-002522f1a16c

Error: (09/26/2014 01:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5163438

Error: (09/26/2014 01:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5163438

Error: (09/26/2014 01:45:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 00:19:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4297


==================== Memory info ===========================

Processor: AMD Sempron(tm) 145 Processor
Percentage of memory in use: 48%
Total physical RAM: 1791.3 MB
Available physical RAM: 924.5 MB
Total Pagefile: 3582.61 MB
Available Pagefile: 2478.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.53 MB

==================== Drives ================================

Drive c: (Alabama160) (Fixed) (Total:148.95 GB) (Free:120.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CC29CC29)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 28th, 2014, 11:03 am

Hi,
Thank you for volunteering to help me clean up my computer issues.

You're most welcome.
ok, the UproxyOverRide I did not know it existed nor did I set it up.

That's what i needed to know.
I think I have all the scan logs that you requested.
If I missed one please let me know which one and I will definitely rerun it and post it as soon as I read the reply from you.

You posted the FRST Addition.txt, but you forgot to post the FRST.txt contents.
Post the FRST.txt contents in your next reply.
If you can't locate it run the scan again.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 28th, 2014, 1:02 pm

Sorry Cypher.
Here is the FRST.TXT file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014
Ran by Sigman (administrator) on SIGMUND-PC on 28-09-2014 09:28:56
Running from C:\Users\Sigman\Downloads
Loaded Profiles: Sigman & UpdatusUser (Available profiles: Sigman & UpdatusUser & Guest)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
HKLM\...\Run: [Panda Security URL Filtering] => "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2125914593-2673472216-1242065460-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2125914593-2673472216-1242065460-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2125914593-2673472216-1242065460-1000\...\MountPoints2: {43cbf6e6-301b-11e3-8420-002522f1a16c} - E:\setup.exe -a
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U220DHP&pc=U220
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
SearchScopes: HKCU - B7A514DA250441C4A9C30C370282E961 URL = http://search.yahoo.com/search?fr=mcafe ... A011US0&p={SearchTerms}
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {D93BFA84-639E-4DA2-B756-DC7F66425C01} URL = https://search.yahoo.com/search?fr=sp_t ... =711278&p={searchTerms}
SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll No File
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-02]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-04]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR CustomProfile: C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-14]
CHR Extension: (Google Drive) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google Search) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (Google Wallet) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (Gmail) - C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
R2 panda_url_filteringService; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [235576 2014-05-05] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMBFilt; C:\Windows\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-10-14] ()
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-10-14] ()
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-12-20] (BitDefender SRL)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30392 2012-09-18] (Logitech, Inc.)
S3 MonFilt; C:\Windows\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [137760 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103456 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [166432 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [112160 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [122912 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [98336 2014-07-24] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1617408 2009-11-25] (VIA Technologies, Inc.)
R2 VProt2k; C:\Windows\System32\DRIVERS\VProt2k.SYS [16690 2003-05-10] (Motive) [File not signed]
R3 VWan2k; C:\Windows\System32\DRIVERS\VWan2k.SYS [29228 2003-05-10] (Motive) [File not signed]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 09:06 - 2014-09-28 09:06 - 00007755 _____ () C:\Users\Sigman\Desktop\AdwCleaner[R1].txt
2014-09-28 09:05 - 2014-03-25 08:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-09-28 08:49 - 2014-09-28 08:49 - 00035321 _____ () C:\Users\Sigman\Desktop\FRST.txt
2014-09-28 08:48 - 2014-09-28 08:48 - 00028162 _____ () C:\Users\Sigman\Downloads\Addition.txt
2014-09-28 08:48 - 2014-09-28 08:48 - 00028162 _____ () C:\Users\Sigman\Desktop\Addition.txt
2014-09-28 08:46 - 2014-09-28 09:28 - 00017316 _____ () C:\Users\Sigman\Downloads\FRST.txt
2014-09-28 08:46 - 2014-09-28 08:46 - 00001115 _____ () C:\Users\Sigman\Desktop\FRST.exe - Shortcut.lnk
2014-09-28 08:45 - 2014-09-28 09:29 - 00000000 ____D () C:\FRST
2014-09-28 08:44 - 2014-09-28 08:45 - 01100288 _____ (Farbar) C:\Users\Sigman\Downloads\FRST.exe
2014-09-28 08:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-28 08:38 - 2014-09-28 09:04 - 00000000 ____D () C:\AdwCleaner
2014-09-28 08:38 - 2014-09-28 08:38 - 00001227 _____ () C:\Users\Sigman\Desktop\adwcleaner_3.310.exe - Shortcut.lnk
2014-09-28 08:36 - 2014-09-28 08:36 - 01373475 _____ () C:\Users\Sigman\Downloads\adwcleaner_3.310.exe
2014-09-28 08:34 - 2014-09-28 08:34 - 00002195 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-28 08:33 - 2014-09-28 08:33 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-28 08:32 - 2014-09-28 08:33 - 04215184 _____ () C:\Users\Sigman\Downloads\tweaking.com_registry_backup_setup.exe
2014-09-28 08:27 - 2014-09-28 08:30 - 00000000 ____D () C:\rei
2014-09-28 08:27 - 2014-09-28 08:30 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-28 08:27 - 2014-09-28 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-28 08:24 - 2014-09-28 08:30 - 00000137 _____ () C:\Windows\Reimage.ini
2014-09-26 13:46 - 2014-09-26 13:57 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 20:05 - 2014-09-25 20:05 - 00016883 _____ () C:\Users\Sigman\Desktop\dds.txt
2014-09-25 20:05 - 2014-09-25 20:05 - 00005206 _____ () C:\Users\Sigman\Desktop\attach.txt
2014-09-25 20:04 - 2014-09-25 20:04 - 00688992 ____R (Swearware) C:\Users\Sigman\Downloads\dds.scr
2014-09-24 14:47 - 2014-09-24 14:47 - 00029566 _____ () C:\Users\Sigman\Documents\lfp_pmts_asof_08272014.xlsm
2014-09-23 19:17 - 2014-09-23 19:17 - 00002169 _____ () C:\Users\Sigman\Desktop\bi-foldwhiskey2(1).jpg - Shortcut.lnk
2014-09-23 19:05 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 20:36 - 2014-09-18 20:36 - 00000000 ____D () C:\Users\Sigman\AppData\Roaming\0D1G1I1Q1B2Z1C1V0A1N1N1C1P1N1T2Z1F1C
2014-09-10 11:04 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 11:04 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 11:04 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 11:04 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 11:04 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 11:04 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 11:04 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 11:04 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 11:04 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 11:04 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 11:04 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 11:04 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 11:04 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 11:04 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 11:04 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 11:04 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 11:04 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 11:04 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 11:04 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 11:04 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 11:04 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 11:04 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 11:04 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 11:04 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 11:04 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 11:04 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 11:04 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 11:04 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 11:04 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 11:04 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 11:03 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 09:19 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:19 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:12 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:12 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:12 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:12 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:43 - 2014-09-10 08:43 - 00001763 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 08:43 - 2014-09-10 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 08:42 - 2014-09-10 08:43 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 08:42 - 2014-09-10 08:43 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 08:42 - 2014-09-10 08:42 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 08:41 - 2014-09-10 08:41 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-10 08:41 - 2014-09-10 08:41 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-09-10 08:40 - 2014-09-10 08:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-10 08:40 - 2014-09-10 08:40 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-09 21:36 - 2014-09-09 21:59 - 111264592 _____ (Apple Inc.) C:\Users\Sigman\Downloads\iTunesSetup.exe
2014-09-09 18:36 - 2014-09-28 09:05 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2014-09-09 18:36 - 2014-09-09 18:36 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2014-09-09 18:35 - 2014-09-09 18:36 - 00000000 ____D () C:\Program Files\pandasecuritytb
2014-09-09 18:35 - 2014-09-09 18:35 - 00000000 ____D () C:\Users\Sigman\AppData\Roaming\Panda Security
2014-09-09 18:35 - 2014-09-09 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-09-09 18:35 - 2014-09-09 18:35 - 00000000 ____D () C:\Program Files\Panda Security
2014-09-09 18:20 - 2014-09-09 18:20 - 01329312 _____ () C:\Users\Sigman\Downloads\PANDAFREEAV.exe
2014-09-09 16:48 - 2014-09-09 16:48 - 00098540 _____ () C:\ProgramData\1410299273.bdinstall.bin
2014-09-09 16:47 - 2014-09-09 16:47 - 00036433 _____ () C:\ProgramData\1410299270.bdinstall.bin
2014-09-05 19:39 - 2014-09-06 09:08 - 00000000 ____D () C:\Program Files\Motive
2014-09-05 17:56 - 2014-09-05 18:14 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-08-31 22:49 - 2014-09-26 17:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-31 22:49 - 2014-08-31 22:49 - 00002046 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-31 22:20 - 2014-09-21 19:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-08-31 22:20 - 2014-03-31 21:36 - 00049856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-08-31 15:13 - 2014-09-05 17:20 - 00013005 _____ () C:\Windows\IE11_main.log
2014-08-31 15:06 - 2014-08-31 15:06 - 00000000 ____D () C:\Users\Sigman\AppData\Local\{955AC618-A678-425F-933D-4FF024DDE064}
2014-08-31 12:35 - 2014-09-21 19:27 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-08-31 12:35 - 2014-08-31 12:35 - 00000020 _____ () C:\Windows\0ôb
2014-08-31 12:29 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-08-31 12:29 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-08-31 12:29 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-08-31 12:29 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-08-31 12:28 - 2014-08-31 12:28 - 00000000 ___RD () C:\Users\Sigman\OneDrive
2014-08-31 12:28 - 2014-08-31 12:28 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2014-08-31 12:28 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-08-31 12:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-08-31 12:27 - 2014-08-31 12:27 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-08-31 12:16 - 2014-08-31 14:44 - 01239752 _____ (Microsoft Corporation) C:\Users\Sigman\Downloads\wlsetup-web.exe
2014-08-29 14:19 - 2014-09-25 19:46 - 00000000 ____D () C:\Users\Sigman\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 09:13 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 09:13 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 09:05 - 2014-08-10 18:35 - 00119946 _____ () C:\Windows\PFRO.log
2014-09-28 09:05 - 2014-07-21 16:04 - 00007348 _____ () C:\Windows\setupact.log
2014-09-28 09:05 - 2014-02-12 18:32 - 01411840 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 09:05 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 09:04 - 2013-12-03 12:47 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
2014-09-28 08:39 - 2014-01-23 23:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 22:52 - 2014-08-23 15:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 22:04 - 2014-06-24 22:16 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Sigman.job
2014-09-24 20:45 - 2014-01-23 23:59 - 00002139 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 19:36 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Performance
2014-09-24 15:34 - 2014-08-18 08:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 10:27 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-23 20:00 - 2014-02-21 10:11 - 00222720 ___SH () C:\Users\Sigman\Desktop\Thumbs.db
2014-09-22 19:34 - 2014-05-08 09:17 - 00001269 _____ () C:\Users\Sigman\Desktop\USEFUL NUMBERS.TXT
2014-09-21 19:19 - 2014-02-27 11:08 - 00139776 ___SH () C:\Users\Sigman\Downloads\Thumbs.db
2014-09-18 20:36 - 2014-06-23 10:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-18 20:36 - 2014-06-23 10:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-16 20:54 - 2014-01-20 22:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-15 09:06 - 2012-01-27 20:59 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-10 12:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 11:02 - 2013-07-19 10:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 10:57 - 2012-01-26 22:10 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 10:56 - 2014-04-29 21:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:40 - 2012-02-20 20:25 - 00000000 ____D () C:\ProgramData\Apple
2014-09-09 20:52 - 2009-07-13 23:33 - 00299960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-09 18:35 - 2012-05-28 15:12 - 00000000 ____D () C:\ProgramData\Panda Security
2014-09-09 18:35 - 2012-01-25 17:32 - 00058488 _____ () C:\Users\Sigman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 09:06 - 2009-07-13 23:53 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-05 17:20 - 2012-09-19 19:21 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-03 07:18 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 14:35 - 2012-06-02 15:04 - 00000000 ____D () C:\Users\Sigman\AppData\Local\Thunderbird
2014-08-31 22:53 - 2013-07-27 19:33 - 00000632 __RSH () C:\Users\Sigman\ntuser.pol
2014-08-31 22:53 - 2012-01-25 18:21 - 00000000 ____D () C:\Users\Sigman
2014-08-31 22:49 - 2013-07-02 13:29 - 00002058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-31 22:21 - 2012-01-28 20:06 - 00000000 ____D () C:\Users\Sigman\AppData\Local\Windows Live
2014-08-31 22:20 - 2012-01-28 20:08 - 00000000 ____D () C:\Program Files\Windows Live
2014-08-31 21:53 - 2012-12-03 18:33 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-08-31 14:58 - 2012-02-21 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-31 12:29 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

Some content of TEMP:
====================
C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 10:45

==================== End Of Log ============================
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 28th, 2014, 2:31 pm

Hi,
Continue with the instructions below.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Panda Security Toolbar

Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKLM\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
    SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
    SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
    CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
    S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll
    C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
    C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
    AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
    AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe as filename fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select " Run as administrator " to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • zoek-results.log
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 28th, 2014, 5:13 pm

Cyper, while the Zoek scan was running this error message popped up : PEVZ.EXE has stopped working
here is the Zoek results:
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll
C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe
AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU

EmptyTemp:
CMD: ipconfig /flushdns

Fixlist results:
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll
C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe
AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU

EmptyTemp:
CMD: ipconfig /flushdns

Cyper my computer seems to be reacting a bit faster.
is there anything specific you want me to look for while using the computer?
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 29th, 2014, 5:28 am

Hi,
It looks like the FRST fix you ran has failed to work so we need to run it again.
First thing i need you to do is move FRST.exe to your Dektop.
You currently have it saved to your Downloads folder.
Running from C:\Users\Sigman\Downloads

Once you have moved FRST to your desktop run the fix again.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKLM\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
    SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
    SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
    Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
    CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
    S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll
    C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
    C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
    C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
    AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
    AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

You failed to post the results of the zoek scan, locate the log and post it in your next reply.
You will find the zoek log on your C: drive named "zoek-results.log"
Click Start > Computer > C:.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • zoek-results.log
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 29th, 2014, 1:14 pm

Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014
Ran by Sigman at 2014-09-28 15:25:09 Run:1
Running from C:\Users\Sigman\Downloads
Loaded Profiles: Sigman & UpdatusUser (Available profiles: Sigman & UpdatusUser & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User: Group Policy restriction detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
SearchScopes: HKCU - 07EB159AFBC84FDEB39485858421CB00 URL = http://search.conduit.com/Results.aspx? ... CDFF99D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YX^xdm002^YY^us&si=CK2gr8nLn7QCFQ2znQodqWgAbw&ptb=3B2B31F8-EA8D-40A8-9CAA-F448158A3B8C&ind=2012121613&n=77ee8a0d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {41D7D6F8-DCCA-4455-B803-58A278BC5655} URL = http://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {BF94C558-C62C-48D4-B2E8-F7DE11C596B2} URL = http://websearch.shopathome.com?user_id={C6D3174E-FEE5-47DC-9CBD-E697CF5E004A}&q={searchTerms}
SearchScopes: HKCU - {fddc24ee-af19-487d-a321-cb25a93e656b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309767&CUI=UN11379035163226023&UM=2
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
S2 HPSLPSVC; C:\Users\Sigman\AppData\Local\Temp\7zS3A98\hpslpsvc32.dll
C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe
C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe
C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe
AlternateDataStreams: C:\ProgramData\TEMP:0C65EA0E
AlternateDataStreams: C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE:BDU
AlternateDataStreams: C:\Users\Sigman\Downloads\setup (2).exe:BDU

EmptyTemp:
CMD: ipconfig /flushdns

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2125914593-2673472216-1242065460-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key deleted successfully.
"HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fddc24ee-af19-487d-a321-cb25a93e656b}" => Key deleted successfully.
"HKCR\CLSID\{fddc24ee-af19-487d-a321-cb25a93e656b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\07EB159AFBC84FDEB39485858421CB00" => Key deleted successfully.
"HKCR\CLSID\07EB159AFBC84FDEB39485858421CB00" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key deleted successfully.
"HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41D7D6F8-DCCA-4455-B803-58A278BC5655}" => Key deleted successfully.
"HKCR\CLSID\{41D7D6F8-DCCA-4455-B803-58A278BC5655}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF94C558-C62C-48D4-B2E8-F7DE11C596B2}" => Key deleted successfully.
"HKCR\CLSID\{BF94C558-C62C-48D4-B2E8-F7DE11C596B2}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF94C558-C62C-48D4-B2E8-F7DE11C596B2}" => Key not found.
"HKCR\CLSID\{BF94C558-C62C-48D4-B2E8-F7DE11C596B2}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fddc24ee-af19-487d-a321-cb25a93e656b}" => Key deleted successfully.
"HKCR\CLSID\{fddc24ee-af19-487d-a321-cb25a93e656b}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} => Value not found.
"HKCR\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
"C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
HPSLPSVC => Service deleted successfully.
C:\Users\Sigman\AppData\Local\Temp\CloudBackup3985.exe => Moved successfully.
C:\Users\Sigman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Sigman\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Sigman\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\ProgramData\TEMP => ":0C65EA0E" ADS removed successfully.
C:\Users\Sigman\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE => ":BDU" ADS removed successfully.
"C:\Users\Sigman\Downloads\setup (2).exe" => ":BDU" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 794.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Zoek-results:
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Sigman on Sun 09/28/2014 at 15:37:50.44.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sigman\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

9/28/2014 3:40:25 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2125914593-2673472216-1242065460-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D93BFA84-639E-4DA2-B756-DC7F66425C01} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ReimageRealTimeProtector deleted successfully

==== Deleting Files \ Folders ======================

C:\prefs.js deleted
C:\PROGRA~2\Reimage Protector deleted
C:\Users\Sigman\AppData\Local\CRE deleted
C:\rei deleted
C:\Users\Sigman\Downloads\oi_setupmsi.exe deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\Reimage.ini deleted
C:\Windows\system32\tasks\ReimageUpdater deleted
C:\Windows\system32\tasks\RunAsStdUser Task deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\AI_RecycleBin deleted
"C:\Users\Sigman\AppData\Roaming\rmi" deleted
"C:\Users\Sigman\AppData\Roaming\mIRC" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/10/2013 08:43 PM]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 04:24 PM]

Google Voice Search Hotword (Beta) - Sigman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chromium Fix ======================

C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.al.com_0.localstorage deleted successfully
C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tnvalleysearch.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=U220DHP&pc=U220"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?ocid=U220DHP&pc=U220"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{4DF445E1-2B03-4390-8B0D-E37E4F687462} Bing Url="http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair deleted successfully

==== Empty IE Cache ======================

C:\Users\Sigman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sigman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Sigman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=43 folders=14 9230270 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Sigman\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sigman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 09/28/2014 at 15:58:59.82 ======================
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 29th, 2014, 1:16 pm

Cyper I sent both fixlog and zoek results.

please advise if this is correct


Sig
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 29th, 2014, 1:34 pm

Cypher,

FYI, I am at home and will check e-mail every hour or so.

Sig
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 29th, 2014, 1:59 pm

Hi,
Cyper I sent both fixlog and zoek results.

Good work well done.
Cyper my computer seems to be reacting a bit faster.
is there anything specific you want me to look for while using the computer?

I am constantly getting the message to download the most current version of AFP on any website that a animation needs to be played. The pages where this is displayed usually is half blank except with the suggestion of downloading/installing AFP.

Are you still having any problems with your computer, is the above problem still present ?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 29th, 2014, 3:30 pm

Cypher
I am still getting the download Adobe Flash Player on all sites that want to play an animation.
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby bullydogg » September 29th, 2014, 3:54 pm

Cyper I just went to my local news channel website to the video page and this is what I got:

You need to download the latest version of flash player to use this player

Sig.

(also downloaded latest version of the player prior to going there)
bullydogg
Regular Member
 
Posts: 20
Joined: September 25th, 2014, 9:10 pm

Re: Adobe flash player, redirect virus?

Unread postby Cypher » September 29th, 2014, 3:56 pm

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Adobe Flash Packages
Adobe Flash Player 15

Now reboot your computer.

Next.

Download and reinstall Adobe Flash Player from Here
Note: Uncheck install McAfee Security Scan Plus

Still having problems?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 50 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware