# Found Bomgar related file on computer



## simr (May 13, 2013)

Hi, I found a .tmp (temp) file in my *Appdata/Local* folder, and I submitted it to VirusTotal and it said in the results (in the file detail tab) that it's from Bomgar software.

Here's a quote from a Wikipedia article on Bomgar software:

> ...technology support professionals can access and control systems and devices remotely, including personal computers, smartphones, tablets, servers, switches, point-of-sale systems and others.
>
> Source: http://en.wikipedia.org/wiki/Bomgar

I never used this service on my computer, so a temp file from it on my computer worries me a bit.
Does anyone know how it could have ended up on my computer?

Thank you in advance!


----------



## simr (May 13, 2013)

Hi, what do I make out of this interesting and strange find by Avast (see attachment) and Virus Total?

Thank you very much in advance!


----------



## etaf (Oct 2, 2003)

I have merged your two threads together here.


----------



## simr (May 13, 2013)

Okay.
Could anyone help me with the strange file found above, and the program Avast and Virus Total flagged?
Thank you.


----------



## Satchfan (Jan 12, 2009)

Hello *simr* and welcome to the *TSG *forum.

My name is *Satchfan* and I would be glad to help you with your computer problem.

*Please read the following guidelines which will help to make cleaning your machine easier:*


- please follow all instructions in the order posted
- please continue to review my answers until I tell you your machine appears to be clear. *Absence of symptoms does not mean that everything is clear*
- all logs/reports, etc. must be posted in *Notepad*. Please ensure that *word wrap is unchecked*. In Notepad click *Format*, uncheck *Word wrap* if it is checked
- if you don't understand something, please don't hesitate to ask for clarification before proceeding
- the fixes are specific to your problem and should only be used for *this* issue on *this* machine
- please reply within 3 days. If you do not reply within this period I will post a reminder but *topics with no reply in 4 days will be closed!*

*IMPORTANT*:

- Please *DO NOT* install/uninstall any programs unless asked to.
- Please *DO NOT* run any scans other than those requested.

*Run RogueKiller*

*IMPORTANT: Please remove any USB or external drives from the computer before you run this scan! Close all running programs.*

Download *RogueKiller* to your desktop

- close all running programs
- *for Windows Vista/Seven, right click -> run as administrator*; for XP simply double-click on *RogueKiller.exe*
- when the pre-scan is finished, click on *Scan*
- click on Report and copy/paste the content in your next post

*NOTE: DO NOT attempt to remove anything that the scan detects; everything that is reported is not necessarily bad*

If the program is blocked, continue to try it several times. If it still doesn't work (it could happen), rename it to *winlogon.exe*.

Please post the contents of the *RKreport.txt* in your next reply.

Satchfan


----------



## simr (May 13, 2013)

1) My K9 filter is blocking me from downloading the program when I click the above link (the actual URL being blocked is *sur-la-toile.com/RogueKiller/RogueKiller.exe*). I just want to make sure: should I override K9's warning?
2) Is it okay if I run it "as administrator" from a limited user account?

Thank you very much Satchfan!


----------



## Satchfan (Jan 12, 2009)

Run as Administrator; disable K9 temporarily if it interferes with any of the tools we run.


----------



## simr (May 13, 2013)

Okay, I just wanted to make sure it's fine to run in the limited account as long as it's "run as administrator"; it doesn't have to be in the admin account.

Will do.


----------



## simr (May 13, 2013)

Below is the log.
Just wanted to say that it said x64 even though I have a 32-bit Vista (see attachment).

Thank you.

------------------------------
RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : sim [Administrator]
Mode : Scan -- Date : 12/04/2014 19:16:32

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 29 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Sim\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Sim\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\Users\Sim\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Internet Explorer\Main | Start Page : about:tabs -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A97CE5F-D62E-4696-BF58-DA828C8D6A37} | DhcpNameServer : 66.233.174.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A97CE5F-D62E-4696-BF58-DA828C8D6A37} | DhcpNameServer : 66.233.174.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8A97CE5F-D62E-4696-BF58-DA828C8D6A37} | DhcpNameServer : 66.233.174.12 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8A97CE5F-D62E-4696-BF58-DA828C8D6A37} | DhcpNameServer : 66.233.174.12 [UNITED STATES (US)] -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 46e46edc884177b2c1f8f3c59c91f5d5
[BSP] f6e3acd04269e6293e45dcf8f564a7a8 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 227333 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465580032 | Size: 11138 MB
User = LL1 ... OK
User = LL2 ... OK

------------------------------


----------
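The RogueKiller Registry section above and the FRST Services/Drivers sections posted later in the thread both list a driver named catchme whose image path points into C:\Users\Sim\AppData\Local\Temp\. As an added example (editor's code, not part of the thread and not code from RogueKiller or FRST), the Python script below parses lines in the shape of those two log formats and flags service or driver entries whose image file is missing (FRST's `[X]`), is unsigned (`[File not signed]`), or lives under a user-writable directory. The line formats are inferred from the logs on this page, the user-writable markers are the editor's own heuristic, and the sample lines are constructed from the thread's logs rather than taken from a live scan.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input in the shape of the RogueKiller "Registry" lines and
# the FRST "Services"/"Drivers" lines posted in this thread. It is the example's
# own input, not a scan result.
SAMPLE_LOG = r"""
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Sim\AppData\Local\Temp\catchme.sys) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A97CE5F-D62E-4696-BF58-DA828C8D6A37} | DhcpNameServer : 66.233.174.12 [UNITED STATES (US)] -> Found
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S3 catchme; \??\C:\Users\Sim\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# RogueKiller service entry: "[Category] HKEY_...\Services\<name> (<image path>) -> Found".
# PUM.* lines ("KEY | Value : data") describe settings, not binaries, and do not match.
RK_SERVICE = re.compile(r"^\[(?P<cat>[\w.]+)\] (?P<key>HKEY_\S+) \((?P<path>[^)]+)\) -> Found$")

# FRST service/driver entry: "<state> <name>; <path> [<size> <date>] (<vendor>) [<flag>]",
# where the bracketed size/date, the vendor and the trailing flag are each optional.
FRST_SERVICE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<vendor>[^)]*)\))?"
    r"(?: \[(?P<flag>File not signed|X)\])?$"
)

# Heuristic (editor's assumption): a service or kernel driver whose image lives
# under a user profile, ProgramData or any Temp directory deserves a second look,
# because those locations are writable without administrator rights.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    source: str            # "RogueKiller" or "FRST"
    name: str              # service/driver name
    path: str              # image path with the \??\ prefix removed
    reasons: list[str] = field(default_factory=list)


def normalise(path: str) -> str:
    """Strip the NT object-manager prefix (\\??\\) that some driver ImagePaths carry."""
    return path[4:] if path.startswith("\\??\\") else path


def user_writable(path: str) -> bool:
    """True if the image path sits in a location a standard user can write to."""
    lowered = normalise(path).lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> list[Finding]:
    """Return every service/driver line that carries at least one reason to look closer."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RK_SERVICE.match(line)
        if m:
            name = m.group("key").rsplit("\\", 1)[-1]
            f = Finding("RogueKiller", name, normalise(m.group("path")))
            # RogueKiller already attached a category; carry it as the first reason.
            f.reasons.append("RogueKiller category " + m.group("cat"))
            if user_writable(f.path):
                f.reasons.append("image path in user-writable location")
            findings.append(f)
            continue
        m = FRST_SERVICE.match(line)
        if m:
            f = Finding("FRST", m.group("name"), normalise(m.group("path")))
            if m.group("flag") == "X":
                f.reasons.append("image file missing ([X])")
            elif m.group("flag") == "File not signed":
                f.reasons.append("image not Authenticode-signed")
            if user_writable(f.path):
                f.reasons.append("image path in user-writable location")
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:11} {f.name:28} {f.path}")
        print("    " + "; ".join(f.reasons))
```

The output is a worklist, not a verdict: as Satchfan's note says, not everything a scanner reports is bad, and an entry with a missing image file (`[X]`) is often just a stale registration left behind by an uninstalled or previously run tool. What the script buys you is that the same catchme entry is surfaced from both logs for the same reason (a driver registered from a Temp directory), so the helper can ask one question about it instead of reading two logs line by line.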



## Satchfan (Jan 12, 2009)

Thanks for the log simr, but to see more about what is on your computer we'll have to have some more scans.

*Note*: Please run these in the order given in the instructions.

===================================================

*Download and run AdwCleaner *

Download AdwCleaner from *here* and save it to your desktop.


- run AdwCleaner
- when it has finished, select *Clean*
- if it asks to reboot, allow the reboot
- on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

*Download and run Junkware Removal Tool *

Please download *Junkware Removal Tool *to your desktop.

- shut down your protection software now to avoid potential conflicts.
- run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
- the tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- on completion, a log (JRT.txt) is saved to your desktop and will automatically open
- post the contents of JRT.txt into your next message.

===================================================

*Run Farbar Recovery Scan Tool*

Please download Farbar Recovery Scan Tool and save it to your Desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


- right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.
- press *Scan* button
- it will produce a log called *FRST.txt* in the same directory the tool is run from
- please copy and paste log back here.
- the first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

- *AdwCleaner log*
- *JRT.txt*
- *FRST.txt*
- *Addition.txt*

Thanks

Satchfan


----------



## simr (May 13, 2013)

Okay. Just want to let you know that I forgot to move RogueKiller to my desktop and ran it from my "Downloads" folder; is that okay?

Can I delete RogueKiller?

Regarding FRST, I used it before and there's still a folder left over in my "Local Disk" C: drive, so will it still generate the Addition.txt log?


----------



## Satchfan (Jan 12, 2009)

I can always see where you have run anything from and will let you know if/when there is a problem.


Please just follow the instructions - we'll deal with all the tools we've run when your computer is clean.


Satchfan


----------



## simr (May 13, 2013)

Okay, I started the scanning processes.

While I start, I think I should bring these VirusTotal conclusions to your attention to make sure they are false positives, which one would assume they probably are.

- FRST
- AdwCleaner
- JRT


----------



## simr (May 13, 2013)

*AdwCleaner log:*
-----------------------------------------------------------------

# AdwCleaner v4.104 - Report created 04/12/2014 at 20:27:39
# Updated 05/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : sim - MyPC
# Running from : C:\Users\Main\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

[C:\Users\sim2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\sim2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\sim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\sim\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1678 octets] - [04/12/2014 20:09:06]
AdwCleaner[S0].txt - [1583 octets] - [04/12/2014 20:27:39]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [1643 octets] ##########

-----------------------------------------------------------------

*FRST.txt:*

-----------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
Ran by Sim (administrator) on MYPC on 04-12-2014 20:44:47
Running from C:\Users\Main\Desktop
Loaded Profiles: Sim & Main (Available profiles: Sim & Sim2 & Main & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
() C:\Program Files\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [1721 2014-12-04] ()
HKU\S-1-5-21-2102505673-468953021-716528560-1108\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2102505673-468953021-716528560-1108\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-2102505673-468953021-716528560-1108\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2102505673-468953021-716528560-1000\User: Group Policy restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-2102505673-468953021-716528560-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2102505673-468953021-716528560-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2102505673-468953021-716528560-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKU\S-1-5-21-2102505673-468953021-716528560-1108\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
SearchScopes: HKLM -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {B1984A3F-EB1D-46B6-95D2-7F2A92C5F85C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_enUS390
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1108 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1108 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1108 -> {60A4E56C-445B-47E9-8637-F329433B1DB3} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sim\AppData\Roaming\Mozilla\Firefox\Profiles\pr5vufly.Sim
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2102505673-468953021-716528560-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Sim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2102505673-468953021-716528560-1001: @talk.google.com/O1DPlugin -> C:\Users\Sim\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2102505673-468953021-716528560-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Sim\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Sim\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-02-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-07]
FF HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sim\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Sim\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sim\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2014-11-22] (Avast Software)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1949400 2014-01-24] (Blue Coat Systems, Inc.)
S3 CACLEARWIRE; C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2010-05-25] (SmithMicro Inc.)
S3 clearwireDeviceDiagnosticsService; C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [399872 2010-04-19] () [File not signed]
S3 CLEARWIRERcAppSvc; C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe [120144 2010-05-25] (SmithMicro Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-26] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
S3 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SMSI Device Launch Service; C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2010-05-25] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-22] ()
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-22] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-22] ()
R2 bckd; C:\Windows\System32\drivers\bckd.sys [106712 2014-01-24] (Blue Coat Systems, Inc.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [319488 2010-03-26] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [51456 2010-03-26] (Beceem communications pvt ltd.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2014-11-22] (Avast Software)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Sim\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 20:44 - 2014-12-04 20:45 - 00018204 _____ () C:\Users\Main\Desktop\FRST.txt
2014-12-04 20:15 - 2014-12-04 20:44 - 00000000 ____D () C:\Users\Main\Downloads\Tools
2014-12-04 20:13 - 2014-12-04 20:13 - 01110016 _____ (Farbar) C:\Users\Main\Desktop\FRST.exe
2014-12-04 20:09 - 2014-12-04 20:40 - 00000000 ____D () C:\AdwCleaner
2014-12-04 20:09 - 2014-12-04 20:36 - 00000110 _____ () C:\AdwCleanerDebug.txt
2014-12-04 19:00 - 2014-12-04 19:00 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-04 14:15 - 2014-12-04 16:15 - 00000087 _____ () C:\Users\Main\Documents\Ref..txt
2014-12-02 13:26 - 2014-12-02 13:26 - 00000000 ____D () C:\Users\Main\AppData\Roaming\JAM Software
2014-11-30 13:31 - 2014-11-30 13:31 - 00000707 _____ () C:\Users\Sim\Downloads\''Main'' Downloads.lnk
2014-11-29 20:40 - 2014-11-29 20:40 - 00000689 _____ () C:\Users\Sim\Documents\''Main'' Documents.lnk
2014-11-23 19:18 - 2014-11-23 19:18 - 00000000 ____D () C:\Users\Main\AppData\Local\Clearwire
2014-11-23 18:05 - 2014-11-23 18:05 - 00000000 ____D () C:\Users\Main\Documents\Step It Up
2014-11-23 14:55 - 2014-11-23 14:55 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Template
2014-11-23 14:54 - 2014-11-23 14:54 - 00000000 _____ () C:\Users\Main\AppData\Roaming\wklnhst.dat
2014-11-22 22:55 - 2014-11-22 22:55 - 00000247 _____ () C:\Windows\system32\2014-11-23-03-55-26.076-aswFe.exe-1836.log
2014-11-22 22:55 - 2014-11-22 22:55 - 00000197 _____ () C:\Windows\system32\2014-11-23-03-55-02.082-AvastVBoxSVC.exe-5232.log
2014-11-22 21:50 - 2014-11-22 21:50 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 21:11 - 2014-11-22 21:10 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 21:10 - 2014-11-22 21:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-21 14:51 - 2014-11-21 14:51 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-11-19 13:12 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-17 19:23 - 2014-11-17 19:23 - 00000000 ____D () C:\Users\Main\AppData\Local\Apple Computer
2014-11-16 14:41 - 2014-11-17 21:48 - 00000294 _____ () C:\Users\Main\Documents\Vbs.vbs
2014-11-11 20:05 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 20:05 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 20:05 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 20:05 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 20:05 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 20:05 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 20:04 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 20:03 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 20:03 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 20:00 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 20:00 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 20:00 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 20:00 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 20:00 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:44 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 18:19 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:19 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 18:19 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 18:19 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 18:19 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 18:19 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 18:19 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:19 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:19 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 18:19 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 18:19 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:19 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:19 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:19 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:19 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 18:19 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 18:19 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 18:19 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 18:19 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 18:19 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:18 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-10 23:24 - 2014-11-10 23:24 - 00000000 ____D () C:\Users\Main\AppData\Roaming\PDF Writer
2014-11-10 23:24 - 2014-11-10 23:24 - 00000000 ____D () C:\Users\Main\AppData\Local\PDF Writer
2014-11-09 18:31 - 2014-11-09 18:46 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Syncios
2014-11-09 18:31 - 2014-11-09 18:32 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Apple Computer
2014-11-09 18:31 - 2014-11-09 18:31 - 00000000 ____D () C:\Users\Main\Documents\Syncios
2014-11-05 12:52 - 2014-11-05 12:52 - 00000000 ____D () C:\Users\Sim\AppData\Local\Apple
2014-11-05 12:46 - 2014-11-05 12:46 - 00000000 ___HD () C:\Users\Main\Documents\Any Video Converter Professional
2014-11-05 12:46 - 2014-11-05 12:46 - 00000000 ____D () C:\Users\Main\AppData\Roaming\AnvSoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 20:45 - 2014-05-16 13:59 - 00000000 ___HD () C:\FRST
2014-12-04 20:40 - 2008-12-11 11:15 - 01649424 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 20:34 - 2009-02-03 02:01 - 00137520 _____ () C:\ProgramData\nvModes.001
2014-12-04 20:34 - 2009-02-03 02:00 - 00137520 _____ () C:\ProgramData\nvModes.dat
2014-12-04 20:32 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:32 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:31 - 2014-04-03 18:26 - 00061654 _____ () C:\Windows\PFRO.log
2014-12-04 20:31 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 20:28 - 2014-10-26 21:01 - 00000000 ____D () C:\Users\Main\AppData\Roaming\SoftGrid Client
2014-12-04 20:28 - 2006-11-02 08:01 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-04 19:03 - 2006-11-02 05:33 - 00770068 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 17:43 - 2013-07-26 17:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-04 17:41 - 2014-10-23 19:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 14:46 - 2014-10-26 11:07 - 00171944 _____ () C:\Users\Main\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 14:21 - 2011-09-20 20:15 - 00000000 ____D () C:\Program Files\Blue Coat K9 Web Protection
2014-12-04 09:30 - 2014-10-20 11:31 - 00000982 _____ () C:\Users\Main\Desktop\Sleep.lnk
2014-12-03 20:07 - 2014-10-26 11:12 - 00000000 ____D () C:\Users\Main\AppData\Roaming\vlc
2014-12-03 03:55 - 2014-06-12 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 19:45 - 2014-10-27 20:41 - 00000000 __RHD () C:\Users\Main\Documents\my ''Main'' folder
2014-11-30 13:32 - 2012-11-03 19:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-29 20:41 - 2014-10-26 10:56 - 00000000 ____D () C:\Users\Main
2014-11-29 20:40 - 2013-04-11 09:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-29 20:40 - 2013-04-11 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-28 15:53 - 2011-10-31 17:45 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\SoftGrid Client
2014-11-27 10:20 - 2009-02-08 15:49 - 00000000 ___RD () C:\Users\Main\Desktop\my folder
2014-11-24 18:36 - 2014-10-26 10:56 - 00000000 ____D () C:\Users\Main\AppData\Local\Google
2014-11-23 20:42 - 2014-05-15 16:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-22 21:33 - 2013-07-29 20:45 - 00000000 __RHD () C:\Users\Sim\Documents\my folder
2014-11-22 21:17 - 2013-06-07 09:30 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 21:16 - 2013-06-07 09:31 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-22 21:10 - 2014-05-07 12:37 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-22 21:10 - 2013-06-07 09:30 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 21:10 - 2013-06-07 09:30 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 21:10 - 2013-06-07 09:30 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-22 21:10 - 2013-06-07 09:30 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-22 21:10 - 2013-06-07 09:30 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-19 09:20 - 2010-02-21 21:10 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-19 09:20 - 2010-02-21 21:10 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 19:16 - 2014-10-26 10:56 - 00001230 __RSH () C:\Users\Main\ntuser.pol
2014-11-15 18:16 - 2008-10-25 18:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-11-12 19:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-11 22:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-11-11 22:17 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-11-11 20:24 - 2014-09-28 19:46 - 00509168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 19:59 - 2013-07-10 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 19:46 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-06 22:34 - 2014-10-26 10:56 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Adobe
2014-11-06 22:34 - 2014-10-26 10:56 - 00000000 ____D () C:\Users\Main\AppData\Local\Adobe
2014-11-05 20:57 - 2010-07-25 12:55 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\vlc
2014-11-05 12:55 - 2009-11-28 23:59 - 00000000 ____D () C:\Users\Sim\AppData\Roaming\Apple Computer
2014-11-04 14:30 - 2009-10-04 22:20 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Sim\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-04 20:44

==================== End Of Log ============================

-----------------------------------------------------------------

*Addition.txt:*

-----------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
Ran by Sim at 2014-12-04 20:46:22
Running from C:\Users\Main\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
AbiWord 2.8.6 (HKLM\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Akamai) (Version: - )
Any Video Converter 5.0.9 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bridge Constructor (Version: 2.2.0.98 - WildTangent) Hidden
BufferChm (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Bullzip PDF Printer 7.2.0.1320 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1320 - Bullzip)
C4400 (Version: 110.0.201.000 - Hewlett-Packard) Hidden
C4400_Help (Version: 110.0.201.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
CLEAR Connection Manager (HKLM\...\{CC591B40-F733-4731-9240-CE86FA34532C}) (Version: 2.00.0043.0 - Clearwire)
CLEP Sampler (HKLM\...\CLEP Sampler) (Version: - )
Commandos Behind the enemy lines (HKLM\...\Commandos Behind the enemy lines_is1) (Version: - )
Commandos Beyond the call of duty (HKLM\...\Commandos Beyond the call of duty_is1) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.58.1.0 - Conexant)
Copy (Version: 110.0.180.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (Version: 110.0.180.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_HERMOSA_HSF) (Version: - )
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 11.0 (HKLM\...\HPExtendedCapabilities) (Version: 11.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.5723 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.1.0 - Hewlett-Packard Company)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}) (Version: 11.0 - HP)
HP Quick Launch Buttons 6.40 H2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0118 (HKLM\...\{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.1.0 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{846DDADA-0239-4B67-A6B1-33658863793B}) (Version: 1.1.1963.2799 - Hewlett-Packard Company)
InstallVC90Support (Version: 1.01.0000 - Novatel Wireless) Hidden
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juno Preloader (HKLM\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0926 - CyberLink Corp.)
LabelPrint (Version: 2.5.0926 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Mavis Beacon Teaches Typing 16 (HKLM\...\Mavis Beacon Teaches Typing 16) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II: The Conquerors Expansion Trial (HKLM\...\Age of Empires II: The Conquerors Expansion Trial) (Version: - )
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
NetZero Preloader (HKLM\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OCR Software by I.R.I.S. 11.0 (HKLM\...\HPOCR) (Version: 11.0 - HP)
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
PanoStandAlone (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2202 - CyberLink Corp.)
Power2Go (Version: 6.0.2202 - CyberLink Corp.) Hidden
PS_AIO_03_C4400_ProductContext (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4400_Software_Min (Version: 110.0.201.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raven Squad (Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20133 - Realtek Semiconductor Corp.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version: - )
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\@@[email protected]@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Scan (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Serif PagePlus Essentials (HKLM\...\{26F8F39E-C228-4E3C-93A5-061FCCBFC914}) (Version: 1.0.0.004 - Serif (Europe) Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Special Internet Offers (HKLM\...\Special Internet Offers) (Version: 1.0 - Riverdeep)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Step It Up (HKLM\...\Step It Up) (Version: Version 1.5.0.1 - JEM, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.0 - Synaptics)
Syncios version 3.0.0 (HKLM\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 3.0.0 - Anvsoft, Inc.)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.11117 - TeamViewer GmbH)
Toolbox (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (Version: - WildTangent) Hidden
Usenet.nl (HKLM\...\Usenet.nl_is1) (Version: - )
VideoReDo/Plus Version 2.5.6.512 (HKLM\...\VideoReDo-Plus_is1) (Version: - DRD Systems, Inc.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Version: 4.0.11.2 - WildTangent) Hidden
WildTangent Games App for HP (Version: 4.0.11.2 - WildTangent) Hidden
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
World of Zoo Animal Creator Demo (Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

15-10-2014 16:13:46 Windows Update
19-10-2014 00:29:54 Windows Update
24-10-2014 16:45:23 Windows Update
28-10-2014 17:00:39 Windows Update
05-11-2014 17:29:25 Windows Update
12-11-2014 00:43:43 Windows Update
19-11-2014 01:40:00 Windows Update
19-11-2014 18:10:59 Windows Update
23-11-2014 02:07:31 avast! antivirus system restore point
25-11-2014 15:48:16 Windows Update
02-12-2014 15:45:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-20 14:32 - 2014-11-30 13:37 - 00450203 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09D620CA-CC87-46D8-ACAA-BE8AD0F5DBBC} - System32\Tasks\Hewlett-Packard online update program => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {2966EC6E-95C9-4266-B53F-B6E4F8EA555B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {2B21AF02-3037-48E2-BA8D-35D1A5534A03} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2EA0C837-0408-4668-BC79-155DC1CAE67C} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-30] (Oracle Corporation)
Task: {4E2F7BD6-57D4-46A5-84DB-32DADF2D7B91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1001Core => C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
Task: {5A4D2786-ECA6-468E-83D0-94F761388AF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {5AEDE90C-8D69-4C86-AFD2-1A7962DA462A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1000UA => C:\Users\sim2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01] (Google Inc.)
Task: {63C685D1-EA43-41CD-8D07-E9901AFC96E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {774CC7A3-76DF-4527-8214-44BF2842180B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sim => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {775C1E9A-408A-4B20-9F87-2183637A8C1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {7B17D805-C9F0-4CF6-9CF6-70501B096EBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {93F3CB14-9DF2-42AC-A17C-5F2C384706E6} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A3DB00D1-1BC5-4F53-97C1-294A8E20FD1C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA2FAE1F-EF33-4E84-8F50-952CBCBFD9F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29] (Adobe Systems Incorporated)
Task: {AD895D20-5177-4081-8935-F5184113B2EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1001UA => C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
Task: {C90C80E6-4BF5-423B-A9DD-1FC2D3A1F6E3} - System32\Tasks\Google Updater and Installer => C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
Task: {DB37B10F-77D9-4DFB-B1B9-32C640E40AE0} - System32\Tasks\HPCeeScheduleForSim => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {EF4E02E2-A070-412B-B291-F3DE436E903F} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Task: {FA466B0E-8934-41E5-B550-1CBA1CCDE44B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1000Core => C:\Users\sim2\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1000Core.job => C:\Users\sim2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1000UA.job => C:\Users\sim2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1001Core.job => C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2102505673-468953021-716528560-1001UA.job => C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSim.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-12-04 13:41 - 2014-12-04 13:41 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
2014-11-22 21:10 - 2014-11-22 21:10 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2014-11-22 21:10 - 2014-11-22 21:10 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2014-11-22 21:10 - 2014-11-22 21:10 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2008-10-25 19:17 - 2008-10-06 11:54 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2008-10-25 19:17 - 2008-10-06 11:54 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2014-11-22 21:10 - 2014-11-22 21:10 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2013-11-23 18:15 - 2014-11-22 21:10 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk => C:\Windows\pss\HotSync Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^sim2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Sim^Documents^my folder^Other^Storage folder^Unneeded, question files^From - ''Program Data''^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Clearwire Connection Manager => "C:\Program Files\Clearwire\Connection Manager\ClearwireCM.exe" -a
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Google Update => "C:\Users\sim2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun 
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Syncios device service => C:\Program Files\Syncios\SynciosDeviceService.exe
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2102505673-468953021-716528560-500 - Administrator - Disabled)
sim2 (S-1-5-21-2102505673-468953021-716528560-1000 - Limited - Enabled) => C:\Users\sim2
Sim (S-1-5-21-2102505673-468953021-716528560-1001 - Administrator - Enabled) => C:\Users\Sim
Guest (S-1-5-21-2102505673-468953021-716528560-501 - Limited - Disabled) => C:\Users\Guest
Main (S-1-5-21-2102505673-468953021-716528560-1108 - Limited - Enabled) => C:\Users\Main

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 08:31:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 08:29:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 01:53:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (11/30/2014 05:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 600
Start Time: 01d00cf06edffdd0
Termination Time: 6

Error: (11/30/2014 05:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 738
Start Time: 01d00cf0618a8a10
Termination Time: 16

Error: (11/30/2014 05:53:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16c0
Start Time: 01d00cefd6933100
Termination Time: 31

Error: (11/29/2014 08:48:54 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{1E1B5668-BCCE-4C68-8E76-46C4C2675DDB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/29/2014 05:30:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 01:56:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (12/04/2014 08:33:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Error: (12/04/2014 08:33:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (12/04/2014 08:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/04/2014 08:31:34 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (12/04/2014 05:15:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (12/04/2014 03:42:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (12/04/2014 02:02:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (12/04/2014 00:29:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (12/03/2014 09:47:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Dnscache

Error: (12/03/2014 08:31:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWType%%5

Microsoft Office Sessions:
=========================
Error: (12/04/2014 08:31:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2014 08:29:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2014 01:53:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (11/30/2014 05:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.0.6001.1800060001d00cf06edffdd06

Error: (11/30/2014 05:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.0.6001.1800073801d00cf0618a8a1016

Error: (11/30/2014 05:53:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.0.6001.1800016c001d00cefd693310031

Error: (11/29/2014 08:48:54 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{1E1B5668-BCCE-4C68-8E76-46C4C2675DDB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (11/29/2014 05:30:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2014 10:28:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/24/2014 01:56:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2014-11-29 22:12:13.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 22:12:12.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 22:12:11.347
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 22:12:10.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 21:07:16.769
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 21:07:15.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 21:07:14.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 21:07:13.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 20:27:20.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-29 20:27:19.539
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon Dual-Core QL-62
Percentage of memory in use: 51%
Total physical RAM: 1789.69 MB
Available physical RAM: 865.38 MB
Total Pagefile: 3829.84 MB
Available Pagefile: 2887.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.01 GB) (Free:68.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2D900954)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

-----------------------------------------------------------------


----------



## simr (May 13, 2013)

A very strange thing happened when I ran JRT: after a short while the desktop disappeared, which in and of itself is normal for this tool, but when the desktop came back it wasn't the "Main" limited account that I ran it from and was logged on to; instead it had switched to my Admin account, which wasn't even logged in before, but now it all of a sudden went into it.
So I pressed "Switch account" to go out, and then went right back into the "Main" account, but it was still the Admin account, just with the "Main" account's background, just like after the scan.
And when I opened the Task Manager some processes were from the Admin account while others were from the limited account.
Also Windows Explorer was "hanging" and not working until I logged out (not just "Switch") and logged back into the "Main" account.
Then I ran the tool a second time (since during the first time I wasn't by the computer, so I wanted to see it actually happen) and the same thing happened.

Have you heard of such a thing happening to others running this tool? It's really odd.

(I didn't realize it would clear my Event Viewer log; I'm not happy about that at all. All the records from the beginning of this computer are gone.)

The log below is from the second scan, as the first one was somehow erased by JRT once the second log was made; it's possible that the first log was a bit longer, I don't remember exactly.

*JRT.txt:*
-------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sim on Thu 12/04/2014 at 21:23:41.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/04/2014 at 21:27:53.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you very much Satchfan, I appreciate your help!


----------



## Satchfan (Jan 12, 2009)

There is nothing malicious showing up here but I need a check on your security.

*First*

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below.


Code:


SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1108 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sim\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_li ve.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9
C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7

*NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*


save the file as *fixlist.txt* in the same folder as FRST. *NOTE*: It's important that both files, *FRST* and *fixlist.txt*, are in the same location or the fix will not work
run FRST then click *Fix* just once and wait
it will create a log *(Fixlog.txt)*; please post it to your reply.

================================================

*Run Security Check*

Download *Security Check* by screen317 from *here* or *here*.


save it to your Desktop.
double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
a Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Satchfan


----------



## simr (May 13, 2013)

Should I run SC.exe as administrator?

Also, are you sure I should write "sim" as the user in that script, since that Chrome extension is in the "Main" user, not "sim"?


----------



## Satchfan (Jan 12, 2009)

Yes to both.


----------



## simr (May 13, 2013)

*Fixlog.txt*
------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2014
Ran by sim at 2014-12-05 11:16:53 Run:2
Running from C:\Users\Main\Desktop
Loaded Profiles: Sim & Main (Available profiles: Sim & sim2 & Main & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1001 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
SearchScopes: HKU\S-1-5-21-2102505673-468953021-716528560-1108 -> {0FA204D4-5326-43C7-A4D2-EDFB78E6EA59} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HKU\S-1-5-21-2102505673-468953021-716528560-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Sim\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_li ve.crx [Not Found]
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9
C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7
*****************

"HKU\S-1-5-21-2102505673-468953021-716528560-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}" => Key deleted successfully.
"HKCR\CLSID\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}" => Key not found.
"HKU\S-1-5-21-2102505673-468953021-716528560-1108\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}" => Key deleted successfully.
"HKCR\CLSID\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
"HKU\S-1-5-21-2102505673-468953021-716528560-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
"HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9" => File/Directory not found.
C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7 => Moved successfully.

==== End of Fixlog ====

------------------------------------------------------------------

*checkup.txt*
------------------------------------------------------------------

Results of screen317's Security Check version 0.99.91 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
WinPatrol 
MVPS Hosts File 
Spybot - Search & Destroy 
SUPERAntiSpyware 
Malwarebytes Anti-Malware version 2.0.3.1025 
CCleaner 
Java 8 Update 20 
Java 8 Update 25 
*Java version 32-bit out of Date!* 
Adobe Flash Player 10 *Flash Player out of Date!* 
Adobe Flash Player 15.0.0.239 
Adobe Reader 10.1.12 *Adobe Reader out of Date!* 
Mozilla Firefox 31.0 *Firefox out of Date!* 
Google Chrome (39.0.2171.65) 
Google Chrome (39.0.2171.71) 
*````````Process Check: objlist.exe by Laurent````````* 
*WinPatrol winpatrol.exe is disabled!* 
windows defender MpCmdRun.exe 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 5 % *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------
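Two of the findings in this thread lend themselves to an automated triage pass over FRST output: the CustomCLSID entries whose registered COM server ends in "No File" (the two psuser.dll entries that Satchfan's fixlist removed, as the Fixlog above confirms), and the 450 KB hosts file, which checkup.txt identifies as the MVPS blocklist. The script below is an added example, not FRST's code and not part of this thread; it parses constructed sample lines modelled on the log quoted earlier, lists the orphaned CLSIDs, and separates blocklist-style hosts entries (names sunk to 127.0.0.1 or 0.0.0.0) from entries that redirect a name to some other address, which is the case that would warrant a closer look. The `bank.example` line in the sample is invented purely to show that second case; the log in this thread contains no such entry.

```python
"""Triage checks over FRST log excerpts: orphaned CustomCLSID entries and
hosts-file redirections. Added example; not part of FRST or of this thread."""
import re
from ipaddress import ip_address

# Constructed sample modelled on the FRST output quoted earlier in the thread.
# The bank.example line is invented to show what a real redirection looks like.
SAMPLE_LOG = r"""
==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sim\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2102505673-468953021-716528560-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sim\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Hosts content: ==========================

2014-01-20 14:32 - 2014-11-30 13:37 - 00450203 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1    www.007guard.com
0.0.0.0      007guard.com
198.51.100.7 bank.example

There are 1000 more lines.
"""

CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>\S.*?)\\(?P<server>InprocServer32|LocalServer32)"
    r" -> (?P<rest>.+)$",
    re.IGNORECASE,
)
GUID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.IGNORECASE)


def parse_custom_clsid(text):
    """One dict per CustomCLSID line: clsid, server type, target path, present."""
    entries = []
    for line in text.splitlines():
        m = CLSID_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        present = not rest.endswith("No File")
        if present:
            # FRST appends "(Vendor)" after files it could attribute; drop it.
            target = re.sub(r"\s*\([^()]*\)$", "", rest)
        else:
            target = rest[: -len("No File")].strip()
        guid = GUID_RE.search(m.group("key"))
        entries.append({
            "clsid": guid.group(0).upper() if guid else None,
            "server": m.group("server"),
            "target": target,
            "present": present,
        })
    return entries


def orphaned_clsids(text):
    """CLSIDs whose registered COM server file is missing ("No File")."""
    return [e["clsid"] for e in parse_custom_clsid(text) if not e["present"]]


def parse_hosts(text):
    """(ip, hostname) pairs from the 'Hosts content' block of the log."""
    pairs = []
    in_block = False
    for line in text.splitlines():
        if line.startswith("==================== Hosts content"):
            in_block = True
            continue
        if in_block and line.startswith("===================="):
            break  # next FRST section
        if not in_block:
            continue
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            ip = ip_address(parts[0])
        except ValueError:
            continue  # file descriptor line, "There are N more lines.", etc.
        pairs.append((str(ip), parts[1].lower()))
    return pairs


def hosts_redirects(text):
    """Entries that send a name anywhere other than loopback/unspecified.
    Blocklists such as the MVPS hosts file sink names to 127.0.0.1 or 0.0.0.0;
    any other address overrides DNS for that name and deserves a closer look."""
    return [(ip, host) for ip, host in parse_hosts(text)
            if not (ip_address(ip).is_loopback or ip_address(ip).is_unspecified)]


def summarize(text):
    """Compact triage summary of the checks above."""
    hosts = parse_hosts(text)
    return {
        "custom_clsid": len(parse_custom_clsid(text)),
        "orphaned_clsid": orphaned_clsids(text),
        "hosts_entries": len(hosts),
        "hosts_redirects": hosts_redirects(text),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full FRST.txt instead of the sample, the hosts check is what tells you in one line whether a very large hosts file is a blocklist or something that needs attention, without reading a thousand entries; the orphan list reproduces the two CLSID lines that went into the fixlist.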



## Satchfan (Jan 12, 2009)

Lets have a final scan before we clean up.

*Uninstall McAfee Security Scan*


click *Start, Control Panel, Programs and Features*
click on *McAfee Security Scan* and then on *Uninstall*

*If you are prompted for an administrator password or confirmation, type the password or provide confirmation. *

================================================

*Run ESET Online Scan*

*IMPORTANT* Please make sure you uncheck the box next to *Remove found threats*. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

*Note*: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read *here*.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

*ESET OnlineScan*


click the *Eset online Scanner* button
*for alternate browsers only*: (Microsoft Internet Explorer users can skip these steps)

o click on *esetinstaller.exe* to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
check *Yes, I accept the Terms of Use*
click the *Start* button
accept any security warnings from your browser
check *Enable detection of potentially unwanted applications*
click Advanced settings and select the following:

o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology
Note: *Do not* check *Remove found threats*

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
when the scan completes, push *List of found threats*
push *Export to Text file* and save the file to your desktop using a unique name, such as *ESETScan*. Include the contents of this report in your next reply.

*Note* - if ESET doesn't find any threats, no report will be created.
push the *back* button.
push *Finish*

When the scan is complete:

If no threats were found:

o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found

If threats were found:

o click on "list of threats found"
o click on "export to text file" and save it as *ESET results* and save to the desktop
o Click on *back*
o put a checkmark in "Uninstall application on close"
o click on *finish*
o close program
o copy and paste the report here

Thanks

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> You can use either Internet Explorer or Mozilla FireFox for this scan.


What about Chrome?

It says:


> Chrome and Firefox users will need to download and run a small utility file before starting scan.


----------



## Satchfan (Jan 12, 2009)

I don't understand your problem. Please just follow the instructions.


----------



## simr (May 13, 2013)

ESET found 2 items, here they are:

--------------------------------------------------

C:\$RECYCLE.BIN\S-1-5-21-2102505673-468953021-716528560-1108\$RVR7F7E.zip JS/TrojanDownloader.Agent.NZP trojan
C:\Program Files\CCleaner\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

--------------------------------------------------

(Since the mid-line big space from the notepad isn't seen here for some reason, I made the red to indicate the 2 sides of the lines respectively.)

Thank you Satchfan!


----------



## Satchfan (Jan 12, 2009)

All looks good; just a couple of things to deal with.

On your desktop, right-click *Recycle Bin* and select *Empty Recycle Bin*

*Next*

Please copy all text in the code box below and paste it into Notepad:

```batch
@echo off
rem Force-delete the installer ESET flagged; the path must be fully quoted.
del /f /s /q "C:\Program Files\CCleaner\ccsetup324.exe"
rem Remove this batch file itself once it has run.
del %0
```
save the Notepad file to your desktop and name it *delfiles.bat*
save type as "*All Files*"
on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

Can you tell me if there are any remaining problems. If all is well, I'll send instructions to tidy up.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> Can you tell me if there are any remaining problems.


I have a few questions.
1) When I checked in *C:\$RECYCLE.BIN\S-1-5-21-2102505673-468953021-716528560-1108* $RVR7F7E.zip was still there, though when I went out and came back it was gone.

2) Is the behavior from JRT I describe in post 15, normal or out of the ordinary?

3) *delfiles.bat* didn't delete *ccsetup324.exe*, it only deleted itself (apparently only the *del %0* worked).

4) Should I uninstall the old version of Java (see attachment) and defrag my system as indicated by the *checkup.txt*?


----------



## Satchfan (Jan 12, 2009)

> Is the behavior from JRT I describe in post 15, normal or out of the ordinary?


 It is not something that JRT does as a rule in my experience.



> delfiles.bat didn't delete ccsetup324.exe, it only deleted itself (apparently only the del %0 worked)


 The script was OK as far as I can see - maybe the execution wasn't.



> Should I uninstall the old version of Java


 I'm coming to that in the clean up/recommendations:



> Can you tell me if there are any remaining problems. If all is well, I'll send instructions to tidy up.


----------



## simr (May 13, 2013)

I'm assuming you think Question 1) Above is fine?



Satchfan said:


> It is not something that JRT does as a rule in my experience.


So then is there anything to worry about?



Satchfan said:


> The script was OK as far as I can see - maybe the execution wasn't.


I double clicked it. I even created another one and ran as administrator and it still didn't delete it.
Perhaps you could let me know what else could go wrong with the execution of the file.

-----------------------------

I just ran another AdwCleaner scan, and there are recurring items in it, namely the *aol.com*, *ask.com* and *RunAsStdUser Task*; do you know what they are and why they come back? In fact the *aol.com* and *ask.com* have shown up in my AdwCleaner sporadically for many months now. (Don't worry about the Chrome Folder Found, it's just an extension that's being used.)

Scan just ran:
-----------------------------

# AdwCleaner v4.104 - Report created 07/12/2014 at 17:58:52
# Updated 05/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Sim - MYPC
# Running from : C:\Users\Main\Downloads\ADMIN SCAN TOOLS\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi

***** [ Scheduled Tasks ] *****

Task Found : RunAsStdUser Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1678 octets] - [04/12/2014 20:09:06]
AdwCleaner[R1].txt - [951 octets] - [04/12/2014 20:36:10]
AdwCleaner[R2].txt - [1142 octets] - [06/12/2014 19:37:11]
AdwCleaner[R3].txt - [1295 octets] - [07/12/2014 17:58:52]
AdwCleaner[S0].txt - [1721 octets] - [04/12/2014 20:27:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1415 octets] ##########


----------



## Satchfan (Jan 12, 2009)

They were removed once but Google Chrome is infamous for this kind of behaviour.

Well use another tool.

*Run Zoek*

Download *zoek.exe* to your Desktop:

*Important*: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications *here*


on Windows Vista, 7, and 8, right-click *Zoek.exe* and select: *Run as Administrator*
give it a few seconds to appear
copy/paste the entire script inside the codebox below into the input field of Zoek:

```
chrdefaults;
emptyalltemp;
emptyclsid;
autoclean;
```

close any open programs.
click the *Run script* button, and wait. It takes a few minutes to run.
when the tool finishes, the *zoek-results.log* is opened in Notepad: the log can also be found on the systemdrive, normally *C:\*
if a reboot is needed, the log will be opened after the reboot.

After you've done that, please run AdwCleaner again and also send that log.

Thanks

Satchfan


----------



## simr (May 13, 2013)

I managed to get rid of aol.com and ask.com by clearing the search engine option in Chrome (see attachment).
Should I still run the tool to remove the "RunAsStdUser Task"?

*AdwCleaner scan results after I cleared the search engines:*
--------------------------------------
# AdwCleaner v4.104 - Report created 08/12/2014 at 12:51:01
# Updated 05/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Sim - MYPC
# Running from : C:\Users\Main\Downloads\ADMIN SCAN TOOLS\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi

***** [ Scheduled Tasks ] *****

Task Found : RunAsStdUser Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.71

*************************

AdwCleaner[R0].txt - [1678 octets] - [04/12/2014 20:09:06]
AdwCleaner[R1].txt - [951 octets] - [04/12/2014 20:36:10]
AdwCleaner[R2].txt - [1142 octets] - [06/12/2014 19:37:11]
AdwCleaner[R3].txt - [1495 octets] - [07/12/2014 17:58:52]
AdwCleaner[R4].txt - [1067 octets] - [08/12/2014 12:51:01]
AdwCleaner[S0].txt - [1721 octets] - [04/12/2014 20:27:39]

########## EOF - \AdwCleaner\AdwCleaner[R4].txt - [1187 octets] ##########

--------------------------------------


----------



## Satchfan (Jan 12, 2009)

That was following your own instructions. Please follow mine or this request for help becomes pointless.


----------



## simr (May 13, 2013)

Does it make a difference if I download the exe and zip?

Should I back up my Chrome history/bookmarks or anything else that I don't want to be lost once I run the *chrdefaults *command?


----------



## Satchfan (Jan 12, 2009)

> Does it make a difference if I download the exe and zip?


I should download the .exe version.



> Should I back up my Chrome history/bookmarks or anything else that I don't want to be lost once I run the *chrdefaults *command?


You already did that previously.


----------



## simr (May 13, 2013)

Satchfan said:


> You already did that previously.


Not recently.


----------



## Satchfan (Jan 12, 2009)

My apologies simr.

Please ignore the Zoek instructions; we can always do that later if necessary.

I had a post prepared which I have overlooked. Although you have run Eset, I'd still like these done, after which things may have been dealt with and we won't need *Zoek*.

* Disable Windows Defender* 

Id like you to check that all aspects of Windows Defender are disabled because it can interfere with your antivirus.

To disable Windows Defender:


open Windows Defender
click on *Tools, General Settings*
scroll down and uncheck *Turn on real-time protection (recommended) *
after you uncheck this, click on the *Save* button and close Windows Defender. 

===================================================

*Reset Browser Settings*:

First, backup your Favourites/Bookmarks and other data:

*Backup Internet Explorer Favourites*
*Backup Chrome Bookmarks*
Next, reset your browsers:

*How to reset Internet Explorer settings*
*How to reset Chrome settings*
====================================================

Download *TFC* to your *desktop*


close any open windows
double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run
click the *Start* button to begin the process
allow *TFC* to run uninterrupted
the program should not take long to finish its job
once it's finished it should automatically *reboot your machine*
if it doesn't, manually reboot to ensure a complete clean.

====================================================

*Run Malwarebytes Anti-Malware*

I noticed that you had MBAM on your system: if you no longer have it, you can download it from *here*: 

start Malwarebytes Anti-Malware and update it (Update tab)
once it is updated, click on Scan tab, select *Threat Scan*, then click *Scan*.
when the scan is complete, if no malicious items are found you can close the program
if malicious items are found be sure that everything is checked and click *Quarantine*
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below) 
the log is automatically saved and can be viewed by clicking the *Logs* tab in MBAM. 
copy and paste the contents of that report in your next reply and exit MBAM. 

*NOTE*: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. *Failure to reboot will prevent MBAM from removing all the malware.*

Logs to include with the next post:

*
Mbam.txt*

Can you tell me if there are any outstanding problems.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> reset your browsers:
> 
> *How to reset Internet Explorer settings*
> *How to reset Chrome settings*


Not Firefox?


----------



## Satchfan (Jan 12, 2009)

Firefox would have been mentioned if necessary!

However, your choice

*Reset Firefox*

You need to reset Firefox to its default settings which will remove everything from Firefox.

If you need to keep your bookmarks, follow the instructions *here*.


at the top of the Firefox window, click on the *Help* menu and select *Troubleshooting Information*
click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
on the right, click *Reset Firefox*
Firefox will close and be reset
when it's finished, click *Finish* and Firefox will open
restart the computer and check Firefox again.


----------



## simr (May 13, 2013)

Satchfan said:


> * Disable Windows Defender*
> 
> I'd like you to check that all aspects of Windows Defender are disabled because it can interfere with your antivirus.
> 
> ...


There's no *Turn on real-time protection* option in Defender, but in *Services* I changed it from automatic to manual and stopped it, so it'll be off.



Satchfan said:


> *Reset Browser Settings*...


Though I deleted them before and they were gone, after I restored Chrome to default, the *aol.com* and *ask.com* search engines came back (see attachment) as that's Chrome's default behavior, but not to worry as I deleted them right away again, and they're gone now.



Satchfan said:


> Download *TFC* to your *desktop*...


When running TFC, the desktop disappeared (as usual) but when it came back, the same thing happened as with JRT.
It seems that with tools that make the desktop disappear, if they're run from a limited user account as I did and are run "as administrator", when the desktop comes back, it switches to the administrator account, and Windows Explorer malfunctions (whether the Start Menu buttons not working, or folders not being able to be clicked, etc.).
I wonder if this happens to anyone else who runs - desktop disappearing tools - as administrator from their limited user account.



Satchfan said:


> *Run Malwarebytes' Anti-Malware*...


Came out clean.
Here's the log:
-------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/9/2014
Scan Time: 6:58:08 PM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.09.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Sim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446363
Time Elapsed: 44 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------

Thank you very much Satchfan!


----------



## Satchfan (Jan 12, 2009)

Please run *SecurityCheck* again and send the new log.

Can you tell me if there are any remaining problems.

Satchfan


----------



## simr (May 13, 2013)

It'll probably just find "C:\Program Files\CCleaner\ccsetup324.exe" like last time, but will do.


----------



## Satchfan (Jan 12, 2009)

> Can you tell me if there are any remaining problems.


Please also post the SecurityCheck log

Thanks

Satchfan


----------



## simr (May 13, 2013)

Yes.

Being that the last scan took over 3 hours (as I have 157 GB of used space on my computer) I'll need to find a good time to schedule it. Will post log.


----------



## Satchfan (Jan 12, 2009)

It's not *Eset online scan* I asked you to run.

I'd like you to run *SecurityCheck *which should not take that long.


----------



## simr (May 13, 2013)

Oops, you're right, I mixed it up.
Good thing I wrote my plans here so you caught my mistake.
Thank you.


----------



## simr (May 13, 2013)

Here's the log:
------------------------------------------------------

Results of screen317's Security Check version 0.99.91 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
WinPatrol 
MVPS Hosts File 
Spybot - Search & Destroy 
SUPERAntiSpyware 
CCleaner 
Java 8 Update 20 
Java 8 Update 25 
*Java version 32-bit out of Date!* 
Adobe Flash Player 10 *Flash Player out of Date!* 
Adobe Flash Player 15.0.0.239 
Adobe Reader 10.1.12 *Adobe Reader out of Date!* 
Mozilla Firefox (34.0.5) 
Google Chrome (39.0.2171.71) 
Google Chrome (39.0.2171.95) 
*````````Process Check: objlist.exe by Laurent````````* 
WinPatrol winpatrol.exe 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
AVAST Software Avast AvastUI.exe 
Ruiware WinPatrol WinPatrol.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 4 % *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## Satchfan (Jan 12, 2009)

Are there any remaining problems?


----------



## simr (May 13, 2013)

Do you know what *RunAsStdUser Task* is, that AdwCleaner found?
I assume it's "Run as standard User Task", but that's just my guess and I have no idea what that would mean.

-----------------------------

Should I manually delete "C:\Program Files\CCleaner\ccsetup324.exe" as the above tried command line didn't do it?
By the way, this is what Virus Total had to say about the file (with ESET the lone dissenter).

-----------------------------



simr said:


> Adobe Flash Player 10 *Flash Player out of Date!*


When I try to update my Flash player I was directed to here, and it says there that I have version 16,0,0,235, see also "Flash player version" attachment.


simr said:


> Adobe Flash Player 15.0.0.239
> Adobe Reader 10.1.12 *Adobe Reader out of Date!*


See "Adobe Reader" attachment for the version I have, and the error I get when I try to update it.


----------



## Satchfan (Jan 12, 2009)

Everything "bad" on your computer has been dealt with.

We don't have the time or resources to give details about any of the individual processes but, you can be reassured that anything that should have been removed, has been. If we've helped to solve your problem, that's our job done. :up:

Please let me know if there are any remaining problems.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> Everything "bad" on your computer has been dealt with...you can be reassured that anything that should have been removed, has been.


I assume you're referring to *RunAsStdUser Task* and *C:\Program Files\CCleaner\ccsetup324.exe*?

Is it okay if I start a new thread regarding what is
*HLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task*
so this way I don't have to burden you with it anymore? (Since at this point, I'd like to know what it is.)



Satchfan said:


> Please let me know if there are any remaining problems.
> 
> Satchfan


Do you know what are the *Group Policy restriction detected* in the logs above?

I guess at this point, all that remains is to clean up the computer from all those tools, resolving Security Check's advice, and resolving my original questions (post 1 & 2).

Thank you!


----------



## Satchfan (Jan 12, 2009)

The WebData file is an SQL database that contains search engine customisations and login credentials; it also stores other information such as auto-complete entries, search keywords etc.



> Do you know what RunAsStdUser Task is, that AdwCleaner found?
> I assume it's "Run as standard User Task", but that's just my guess and I have no idea what that would mean.
> 
> Should I manually delete "C:\Program Files\CCleaner\ccsetup324.exe" as the above tried command line didn't do it?


Although there are scheduled tasks, there were no suspect/bad ones found, therefore none listed in the AdwCleaner report. Had *ccsetup324.exe* been a bad task that was scheduled, AdwCleaner would have dealt with it or, failing that, I would have dealt with it. It is the CCleaner installer file and seeing as you have CCleaner installed, it is there at your request.



> Do you know what are the Group Policy restriction detected in the logs


You can set these yourself. See *this* and set/disable restrictions.

Should you have any other questions that are not malware-related you can start a topic in our Windows *Vista forum*.

Now, lets tidy up.

Your computer appears to be clean.

*Uninstall AdwCleaner*


double click on *adwcleaner.exe* to run the tool
click on *Uninstall*
confirm with *Yes*.

You can delete all other logs and programs we've used that are on your desktop. Just click on them and press *Delete*.

===================================================

*Download & run Delfix*


download *Delfix* from *here* to remove many of the tools we've used during the cleaning process.
ensure Remove disinfection tools is *checked*.

Also place a checkmark next to:
*
o Create registry backup
o Purge system restore
*


click the *Run* button.

===================================================

*Update installed programs*

Your versions of Flash Player, Java and Adobe Reader are out-of-date and need to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

To remove them:


click *Start, Control Panel, Programs and Features*. 
click on each of these programs, one at a time, name and then on *Uninstall*:


*Java 8 Update 20 
Java 8 Update 25 
Adobe Flash Player 10
Adobe Reader 10.1.12*

You can also uninstall *Eset* in the same way.

*If you are prompted for an administrator password or confirmation, type the password or provide confirmation. *

Go *here* and download the latest version of Flash Player.

*Note*: Before you hit the *Download now* button, uncheck the Chrome offer if it's not something you want.

*NEXT*

Visit *Adobe* and download the latest version of Acrobat Reader.

*NEXT*

Install the latest version of Java:

*Java*

NOTE: when you install Java, before clicking on *Install*, be sure to uncheck *Install the Ask Toolbar and make Ask my default search provider*

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.

More information can be found *here*.

===================================================

*Recommended programs*

Update and run *Malwarebytes*. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

Also, run *Spybot - Search and Destroy* and *SUPERAntiSpyware* regularly.

===================================================

*Its important to keep programs up to date so that malware doesn't exploit any old security flaws.*

*FileHippo Update Checker* is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

*Unchecky*

*Be careful when downloading free software*. Many free programs come bundled with adware, much of which causes redirects/popups and verges on being malware. There is a program that automatically unchecks the boxes you may not notice when downloading programs.

Download and install *Unchecky *.

*I also recommend that you read the following:*

*How to prevent malware* by miekiemoes

*Help! My computer is slow! * by miekiemoes

*Simple and easy ways to keep your computer safe and secure on the Internet* by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I'll close the topic.

Safe computing

Satchfan
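
Satchfan's note above that Chrome's Web Data file is an SQL database is what AdwCleaner is reading when it reports "Found [Search Provider]". The Python script below is an added example, not part of this thread or of any tool used in it: it opens a Web Data file read-only (or a constructed in-memory stand-in) and lists every search provider whose host is not on an allowlist, which is how the aol.com and ask.com entries above would surface. The `keywords` table column names follow Chrome's schema; the sample rows and the allowlist are constructed for the example.

```python
import sqlite3
from pathlib import Path
from urllib.parse import urlparse

# Hosts expected as search providers on this machine. Constructed allowlist
# for the example; a practitioner would set it to the browser's real defaults.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com",
}

# Constructed rows modelled on the two AdwCleaner findings in the thread
# (short_name, keyword, url), using the column names of Chrome's keywords table.
SAMPLE_KEYWORDS = [
    ("Google", "google.com", "{google:baseURL}search?q={searchTerms}"),
    ("Bing", "bing.com", "https://www.bing.com/search?q={searchTerms}"),
    ("AOL", "aol.com", "http://search.aol.com/aol/search?q={searchTerms}"),
    ("Ask", "ask.com", "http://www.ask.com/web?q={searchTerms}"),
]


def build_sample_webdata() -> sqlite3.Connection:
    """Create an in-memory stand-in for Chrome's Web Data file (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE keywords ("
        "id INTEGER PRIMARY KEY, short_name VARCHAR NOT NULL, "
        "keyword VARCHAR NOT NULL, url VARCHAR NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)",
        SAMPLE_KEYWORDS,
    )
    conn.commit()
    return conn


def search_provider_host(url_template: str) -> str:
    """Return the host of a keyword URL template, or '' for Chrome's internal
    {google:baseURL}-style templates, which carry no literal host."""
    if url_template.startswith("{"):
        return ""
    return urlparse(url_template).netloc.lower()


def suspicious_search_providers(conn, known_hosts=KNOWN_SEARCH_HOSTS):
    """Return (short_name, host, url) for every provider whose host is neither
    a Chrome-internal template nor on the allowlist: the same class of entry
    AdwCleaner reported as 'Found [Search Provider]' in the thread."""
    findings = []
    for short_name, _keyword, url in conn.execute(
        "SELECT short_name, keyword, url FROM keywords ORDER BY id"
    ):
        host = search_provider_host(url)
        if host and host not in known_hosts:
            findings.append((short_name, host, url))
    return findings


def audit_webdata_file(path: str, known_hosts=KNOWN_SEARCH_HOSTS):
    """Audit a real Web Data file. Chrome holds a lock on it while running, so
    audit a copy; the copy is opened read-only via an SQLite file URI."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        return suspicious_search_providers(conn, known_hosts)
    finally:
        conn.close()


if __name__ == "__main__":
    # Runs against the constructed database; pass a copied Web Data file to
    # audit_webdata_file() to check a real profile.
    for name, host, url in suspicious_search_providers(build_sample_webdata()):
        print("Found [Search Provider] : {} ({}) -> {}".format(name, host, url))
```

Re-running the audit after Chrome's defaults are restored shows whether the entries reappear, which is the recurrence simr describes above.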


----------



## simr (May 13, 2013)

Satchfan said:


> Although there are scheduled tasks, there were no suspect/bad ones found, therefore none listed in the AdwCleaner report. Had *ccsetup324.exe* been a "bad" task that was scheduled, AdwCleaner would have dealt with it or, failing that, I would have dealt with it. It is the CCleaner installer file and seeing as you have CCleaner installed, it is there at your request.


The task question was about *RunAsStdUser Task *that AdwCleaner found, not the Ccleaner file, that was a separate question, I wanted to know what *RunAsStdUser Task* is.
The only reason I asked about manually deleting the Ccleaner file is because you provided me with a command line to do just that above (though it didn't do it, which is why I asked about deleting it myself).



Satchfan said:


> You can set these yourself. See *this* and set/disable restrictions.


I don't have Group Policy Editor since I have Vista Home Premium.



Satchfan said:


> Your versions of Flash Player, Java and Adobe Reader are out-of-date and need to be removed and updated.
> 
> Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.
> 
> ...


I tried uninstalling Java, see attachment for the error that arose.

----------------------------------------

I would like to get your opinion on my original questions which started this whole thread:


simr said:


> Hi, I found a .tmp (temp) file in my *Appdata/Local* folder, and I submitted it to VirusTotal and it said in the results (in the file detail tab) that it's from Bomgar software.
> 
> Here's a quote from a Wikipedia article on Bomgar software:
> 
> ...





simr said:


> Hi, what do I make out of this interesting and strange find by Avast (see attachment) and Virus Total?
> 
> Thank you very much in advance!


----------



## Satchfan (Jan 12, 2009)

> I would like to get your opinion on my original questions which started this whole thread:
> "I found a .tmp (temp) file in my Appdata/Local folder, and I submitted it to VirusTotal and it said in the results (in the file detail tab) that it's from Bomgar software."


 Any temp file in that folder can be deleted. Because it was flagged as "Bomgar" does not mean it *is* Bomgar. There are many "false positives" regarding various antiviruses. There is no Bomgar on your computer and VirusTotal had only 8 out of 55 AVs suggest that the *msnsusii.exe* was infected which were also likely false positives.

The *ccsetup324.exe* file was flagged by Eset, probably because, as an installer it was bundled with the CCleaner toolbar. The best way to deal with that is either leave it, (it is not a "bad" file) or uninstall/re-install CCleaner and (if you followed my suggestions and install Unchecky first), no added (unwanted) extras will be installed.

Do please start a new thread to ask questions regarding the Vista operating system and its files/folders/tasks as we are not equipped to answer questions about those - we are malware removal experts only and not experts in the operating system.

Before you start your new thread, please mark this as "Solved" at the top of the page.

Thanks and good luck

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> Do please start a new thread to ask questions regarding the Vista operating system and its files/folders/tasks as we are not equipped to answer questions about those - we are malware removal experts only and not experts in the operating system.


You mean for these?


simr said:


> The task question was about *RunAsStdUser Task *that AdwCleaner found...





simr said:


> Satchfan said:
> 
> 
> > You can set these yourself See *this* and set/disable restrictions.
> ...





simr said:


> I tried uninstalling Java, see attachment for the error that arose.


----------



## simr (May 13, 2013)

Should I run DelFix before I delete the programs or after, or does it not make a difference?

I assume it will only touch the programs you told me to download in this thread, but not Avast, MBAM, SAS or anything else?
Also, is it okay if I don't Purge system restore?


Thank you very much Satchfan!


----------



## Satchfan (Jan 12, 2009)

> is it okay if I don't Purge system restore?


 Why would you want to do that?


----------



## simr (May 13, 2013)

simr said:


> Is it okay if I don't Purge system restore?





Satchfan said:


> Why would you want to do that?


Would I want to delete most of the restore points?

--------------------------------

I managed to uninstall the Java 8 Update 20 version by doing so from the limited account (for some reason when I tried from the admin account I got the error I showed above).

Interesting that SecurityCheck says:


> Java 8 Update 25
> *Java version 32-bit out of Date!*
> Adobe Flash Player 10 *Flash Player out of Date!*
> Adobe Flash Player 16.0.0.235
> Adobe Reader 10.1.12 *Adobe Reader out of Date!*


When Avast (see attachment) says they're up to date, and the Java website says the same about Java after they checked on my computer.


----------



## Satchfan (Jan 12, 2009)

Your computer is clean so these are recommendations made by somebody who knows what they are talking about.


It is your choice if you choose to ignore these recommendations.


My job is complete here and I don't have the time to continue a discussion about my decisions.


Consider this topic closed.


Satchfan


----------



## simr (May 13, 2013)

Should I run DelFix before I delete the programs we used above or after I delete them?


----------



## Satchfan (Jan 12, 2009)

DelFix first.


----------



## simr (May 13, 2013)

Did it.
These are the tools it removed (plus restore points):
-------------------------------
*~ Removing disinfection tools ...

Deleted : \FRST
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware*
-------------------------------
It didn't delete any of the programs that I downloaded from this thread, so I'll do so myself.

Let me ask you, do you recommend I defragment my computer as per SecurityCheck's advice?
Also, as per your instruction, should I delete both Flash Player files (see attachment) or only one of them? I'm not sure what both of them are, as they look like different things (ActiveX and NPAPI). Also, my Flash settings says that ActiveX isn't installed (attachment 2), even though it's in my list of programs.

Thank you.


----------



## Satchfan (Jan 12, 2009)

> do you recommend I defragment my computer


Yes.

Download and run *Auslogics Disc Defragmenter*. Make sure when installing that you look out for, and say *NO* to, the *ASK toolbar*, (although, if you have taken my advice and installed UnChecky, that wont be necessary).

Re Flash, uninstall anything Flash-related and install the latest version.

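The SecurityCheck listing earlier in the thread (Java 8 Update 25 flagged as 32-bit out of date, two Flash Player lines, Adobe Reader 10.1.12) and the "uninstall anything Flash-related" instruction above both come down to the same check: which entries for those products are actually registered on the machine. The script below is an added example, not part of this thread and not code from SecurityCheck, Avast or any other tool mentioned here. It reads the same Uninstall registry keys that Programs and Features uses (machine-wide, the 32-bit view on 64-bit Windows, and per-user) and prints every Java, Flash or Reader entry with its version and the command that removes it. The name patterns are assumptions; adjust them as needed. It requires PowerShell 3 or later.

```powershell
# Added example: enumerate installed-program entries for the products
# SecurityCheck reported, from the registry keys Programs and Features reads.
# Not from the thread or any tool it mentions; patterns below are assumed.
$patterns = 'Java*', 'Adobe Flash*', 'Adobe Reader*'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # machine-wide
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

# One object per registered program, tagged with where it was registered
$installed = foreach ($k in $uninstallKeys) {
    Get-ChildItem -Path $k -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DisplayName) {
            [pscustomobject]@{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Publisher = $p.Publisher
                Scope     = if ($k -like 'HKCU*') { 'User' }
                            elseif ($k -like '*Wow6432Node*') { 'Machine (32-bit)' }
                            else { 'Machine' }
                Uninstall = $p.UninstallString
            }
        }
    }
}

# Keep only entries whose display name matches one of the patterns
$hits = $installed | Where-Object {
    $name = $_.Name
    @($patterns | Where-Object { $name -like $_ }).Count -gt 0
}

if ($hits) {
    $hits | Sort-Object Name, Version | Format-Table -AutoSize -Wrap
} else {
    "No installed programs match: $($patterns -join ', ')"
}
```

Two entries for the same product (a 32-bit Java next to a 64-bit one, or Flash Player ActiveX next to Flash Player NPAPI) are separate installations, each with its own UninstallString; removing one leaves the other, and its version, in place. Running the listed UninstallString for each entry from an elevated prompt is what "uninstall anything Flash-related" means in practice.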

----------



## simr (May 13, 2013)

Satchfan said:


> Any temp file in that folder can be deleted. Because it was flagged as "Bomgar" does not mean it *is* Bomgar. There are many "false positives" regarding various antiviruses.


I hope you don't mind if I ask, but are you saying that Virus Total is mistaken when it says this file is a Bomgar file?
(It can't fall into the category of "False positive" because Virus Total says the file's safe.
The only thing it could be called is "Mistaken identity" when they label it as Bomgar software if it indeed isn't. If you say that you know that they've mistakenly identified it as Bomgar then I accept.)


----------



## Satchfan (Jan 12, 2009)

> are you saying that Virus Total is mistaken when it says this file is a Bomgar file?


Give me a link to where VT has identified your file as "Bomgar".


----------



## simr (May 13, 2013)

Same link as above.
Click here, and check the *File detail*, *Relationships* and *Additional information* tabs, right near the *Analysis *tab, which is what it opens to first.


----------



## Satchfan (Jan 12, 2009)

Hm, strange that all are "OK" this time round.

We'll run a scan that will find out if that file is present: if it is not, then it will have been a "false-positive".

Please download *SystemLook* from one of the links below and save it to your Desktop.

*SystemLook (32-bit) *
*SystemLook (64-bit)* 


double-click *SystemLook.exe* to run it.
copy the content of the following codebox into the main textfield - please make sure you include the colon, (*:*), at the beginning:

Code:

:filefind
Nstvhook.dll

:Regfind
Nstvhook

click the *Look* button to start the scan.
when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Satchfan


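The SystemLook run above does two things: a filesystem search for a file by name and a registry search for a string. The script below is an added example that reproduces those two checks in PowerShell; it is not part of the thread and not SystemLook's own code. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated prompt so that protected folders and HKLM are readable. The file name and registry string are the ones from the post; for any file it finds it also records the SHA-256 hash and Authenticode signer, which is what you would compare against a VirusTotal report rather than relying on the name alone.

```powershell
# Added example: search fixed drives for a file by name and the registry for a
# string, as the :filefind / :Regfind SystemLook checks above do.
# Not from the thread or from SystemLook; assumes PowerShell 4+ and elevation.
param(
    [string]$FileName  = 'Nstvhook.dll',
    [string]$RegString = 'Nstvhook'
)

# --- file search: every fixed drive, all subfolders, access-denied errors suppressed
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Z]:\\$' }
$files = foreach ($d in $drives) {
    Get-ChildItem -Path $d.Root -Filter $FileName -Recurse -Force -File -ErrorAction SilentlyContinue
}

if ($files) {
    foreach ($f in $files) {
        # Hash and signer identify the file independently of its name
        $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
        [pscustomobject]@{
            Path      = $f.FullName
            SizeBytes = $f.Length
            Modified  = $f.LastWriteTimeUtc
            SHA256    = $hash
            Signer    = $sig.SignerCertificate.Subject   # $null when unsigned
            SigStatus = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        }
    }
} else {
    "No files named $FileName found."
}

# --- registry search: key names, value names and string data under the usual hives
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\SOFTWARE'
$hits = foreach ($h in $hives) {
    Get-ChildItem -Path $h -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like "*$RegString*") {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($vn in $key.GetValueNames()) {
            $data = $key.GetValue($vn)
            if ($vn -like "*$RegString*" -or ("$data" -like "*$RegString*")) {
                [pscustomobject]@{ Key = $key.Name; Value = $vn; Data = "$data" }
            }
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    "No registry data matching '$RegString' found."
}
```

The registry walk over HKLM\SOFTWARE and CurrentControlSet takes a few minutes on a typical machine; that is the cost of checking value data, not just key names. A file that is absent from both searches on a live system tells you it is not present now; it says nothing about whether it was present before a cleanup, which is the gap the rest of this thread turns on.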
----------



## simr (May 13, 2013)

Satchfan said:


> Download and run *Auslogics Disc Defragmenter*.


Chrome blocked the download of that program, see attachment for warning message, why would Chrome block a presumably safe program?


----------



## Satchfan (Jan 12, 2009)

> why would Chrome block a presumably safe program?


When installing Auslogics you will be offered the choice of installing bundled software with it. If you installed UnChecky as I suggested, the option will be "un-checked" for you automatically; if you haven't, you can un-check the option yourself.

Chrome has obviously noticed that it is bundled with another "questionable" program and is warning you, (strange since Chrome is usually the problem, not the good guy when it comes to bundled software).

The download itself is not harmful, just choose not to install anything else when installing the Disk Defragmenter.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> When installing Auslogics you will be offered the choice of installing bundled software with it...
> The download itself is not harmful, just choose not to install anything else when installing the Disk Defragmenter.


I can't install it because Chrome doesn't even let it be downloaded, I guess I'll have to use another browser to download it.


----------



## Satchfan (Jan 12, 2009)

> Chrome doesn't even let it be downloaded


Rubbish! Chrome is not protecting you, just itself. They allow far worse to be installed without warning.

Just choose "Dismiss" or choose a different browser and run the program: it is perfectly safe.


----------



## simr (May 13, 2013)

Satchfan said:


> it is perfectly safe.


I didn't doubt that. I was just puzzled that Chrome blocks it.



Satchfan said:


> We'll run a scan that will find out if that file is present: if it is not, then it will have been a "false-positive".
> 
> Please download *SystemLook* from one of the links below and save it to your Desktop.


Here's the log:

---------------------------------------------------------
SystemLook 04.09.10 by jpshortstuff
Log created at 18:04 on 16/12/2014 by Sim
Administrator - Elevation successful

========== filefind ==========

Searching for "Nstvhook.dll"
No files found.

========== Regfind ==========

Searching for "Nstvhook"
No data found.

-= EOF =-


----------



## Satchfan (Jan 12, 2009)

It would appear that the "Bomgar" file is not on your computer.


----------



## simr (May 13, 2013)

Satchfan said:


> It would appear that the "Bomgar" file is not on your computer.


And probably never was.

But the _[email protected]!-5ed06127-2655-460e-83da-fd7edd31e9b0.tmp_ file definitely was, until I deleted it (but not before uploading it to Virus Total).
And my question was how could it end up in my AppData folder if I never used Bomgar related anything (at least to my knowledge).

Thank you Satchfan!


----------



## Satchfan (Jan 12, 2009)

> my question was how could it end up in my AppData folder


I have no idea; malware has many different ways of getting in, especially on a computer that has no antivirus/firewall or one that has more than one antivirus/firewall. Too much protection can be as bad as none.

Sorry I can't be more specific.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> ...or one that has more than one antivirus/firewall.


You mean Avast and Defender? My Windows Defender wasn't even on a lot of the time anyway.

---------------------------------------

By the way, I still have a *ERUNT* folder on my computer, with these 2 subfolders:
*C:\Windows\ERUNT\DelFix
C:\Windows\ERUNT\JRT*
And each one has quite a few files in them.
Are they meant to stay, or are they supposed to be deleted?


----------



## Satchfan (Jan 12, 2009)

> You mean Avast and Defender? My Windows Defender wasn't even on a lot of the time anyway.


That wasn't aimed at you; I was just giving a couple of the main reasons. With regard to Windows Defender, it should be disabled *at all times*, not just *some of the time*, on a Vista machine with an antivirus installed and running.

ERUNT is the Emergency Recovery Utility and just a back up of the registry but it's up to you if you want to keep it or delete the folders.


----------



## simr (May 13, 2013)

Is there any benefit in keeping the ERUNT folder?
(See attachment for files therein.)


----------



## Satchfan (Jan 12, 2009)

Erunt is more reliable than System Restore so yes, there are benefits. Read *this* and make up your own mind.


----------



## simr (May 13, 2013)

Okay thank you.
I'm still puzzled how a Bomgar related file got on my computer, but I guess you've got nothing to add to that...


----------



## Satchfan (Jan 12, 2009)

No idea, sorry.

Would you please mark this as "Solved"

Thanks and good luck.

Satchfan


----------



## valis (Sep 24, 2004)

i got it, Satch.......


----------



## Satchfan (Jan 12, 2009)

Thank you valis.


----------



## simr (May 13, 2013)

Thank you very much Satchfan, I really appreciate your help!

I just want to keep it "unsolved" a little longer (if it's okay with you) to see if anybody can come along with a theory as to how the Bomgar related file got onto my computer.


----------



## Satchfan (Jan 12, 2009)

Your problem *is* solved - only your questions remain.

As I have said before, if you have any other issues that are *not* related to malware that is/possibly on your computer at the present time, then you should post a topic in another forum where they may be able to help.

I (as are the others that help here) am a volunteer with a real job & family, and our time is precious, so it would be good if you could continue this somewhere else.

Satchfan


----------



## simr (May 13, 2013)

Again, I very much appreciate your help, and you don't have to stay on in this thread if you feel you've completed your job here (and I thank you for it), but my original question which isn't solved yet is:


simr said:


> Hi, I found a .tmp (temp) file in my *Appdata/Local* folder, and I submitted it to VirusTotal and it said in the results (in the file detail tab) that it's from Bomgar software.
> 
> ...I never used this service on my computer, so a temp file from it on my computer worries me a bit.
> *Does anyone know how it could have ended up on my computer?*


---------------------------------------
Thank you Satchfan!


----------



## Satchfan (Jan 12, 2009)

You were welcome to the help but I feel that you are now abusing it. In this forum, the topic is finished.

The thread has been marked as "Solved" by a moderator of the forum and will, as such, not be responded to again. You will, therefore, be wasting your time unless you start a thread in the correct forum.

Satchfan


----------



## simr (May 13, 2013)

Satchfan said:


> I feel that you are now abusing it.


Definitely not what I'm doing (I was just asking if someone had a theory as to how the Bomgar file came onto my computer).


Satchfan said:


> You will, therefore, be wasting your time unless you start a thread in the correct forum.


I should start a new thread with the exact same question that was in my original post here?

Thank you again Satchfan! Take care.


----------



## simr (May 13, 2013)

Hi, is it okay if I run DelFix on my own to get rid of 30 GB of system restore points that Auslogics DiskDefrag created?


----------



## valis (Sep 24, 2004)

heyya simr, this topic is closed as per satchfan.....they have requested that if you have any new information that you start a new thread.


> You were welcome to the help but I feel that you are now abusing it. In this forum, the topic is finished.
> 
> The thread has been marked as "Solved" by a moderator of the forum and will, as such, not be responded to again. You will, therefore, be wasting your time unless you start a thread in the correct forum.
> 
> Satchfan


Not sure what part you are not understanding?

thanks,

v


----------

