|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
March 18th, 2014, 01:19 PM
|
|||
|
|||
|
System cleaning on a laptop
Hi: I have read some of the posts and resulting threads on the process for cleaning an operating system of malware and problems and I would like to try it with some help. I have a laptop with Windows Vista.
This Laptop when I acquired it was so slow when opening Windows that you could do no functions at all. It has been quite awhile since I have worked on it and I recall but did not take notes on what I did, I believe I went back to a time in the computer when Windows operated appropriately and reverted to that version of Windows. I have not been able to go to windows to update due to an error. I have run a Macafee subscription on it and it corrected some problems. I ran the Windows performance related disc cleanup and that has helped where now it I can use some functionality. These are some of the actions I recall. Thanks for any help you can offer. Mike Love Olney, Maryland USA Last edited by ihrescue; March 18th, 2014 at 01:44 PM. Reason: Added info 
|
|
#2
March 18th, 2014, 02:31 PM
|
||||
|
||||
|
Hi ihrescue and Welcome to the CyberTechHelp Forums.
I will be helping you fixing your problems Please take note of some guidelines for this fix: 1- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. 2- Perform everything in the correct order. Sometimes one step requires the previous one. 3- Please open as administrator the computer. How is open as administrator the computer? 4- Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here How to disable your security applications. 5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" 6- Back up all your private data / important files on another (external) drive before using our tools. 7- Please subscribe to this thread if you have not done already and please don't do any other scans on your own and don't install or remove software. Thank you! ------------------------------------------------------------------ Please use the tool Zoek: Download > http://hijackthis.nl/smeenk/ Select the .exe version, and save to the Desktop. On the Desktop, double-click zoek.exe to start the program. (Give it a few seconds to appear.) If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program. Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html Next, copy/paste the entire script in the code box below to the input field of Zoek: Quote:
Close any open Browsers. Click the Run script button, and wait. It takes a few minutes to run all the script. When the tool finishes, the zoek-results.log is opened in Notepad. The log is also found on the systemdrive, normally C:\ If a reboot is needed log is opened after the reboot. >> Please post the zoek-results.log in your reply. Thanks! Good day.
|
|
#3
March 18th, 2014, 03:31 PM
|
|||
|
|||
|
Thank you - I appreciate your technical help. I have discovered a TrendMicro security account that I need to obtain the access to from the laptop's owner and then will procede with your directions. Talk to you soon.
Mike Love
|
|
#4
March 18th, 2014, 06:32 PM
|
|||
|
|||
|
System Cleaning on a Laptop (Zoek Report Part 1)
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by phall707 on Tue 03/18/2014 at 13:01:24.74. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\phall707\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 3/18/2014 1:05:46 PM Zoek.exe System Restore Point Created Succesfully. ==== Windows Installer Info ====================== Adobe Reader 8.1.3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7448A3100000030]C:\Windows\Installer\890e41.msi ATI Catalyst Install Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\71EE1ECE8609DE1AEBEA625FE41FF438]C:\Windows\Installer\31a61.msi Broadcom Gigabit Integrated Controller [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\6755A46A268D8F4498CDB271CF9C8BE6]C:\Windows\Installer\12db0.msi Business Contact Manager for Outlook 2007 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\9504C23BA7E6FE14DA0265FD81279B32]C:\Windows\Installer\1ac7a.msi Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\E4F0F2085A0AD4E4D9B7913319E37F6B]C:\Windows\Installer\31a6f.msi Catalyst Control Center Core Implementation [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\9EE023FD972D19B00A6377706D3576A2]C:\Windows\Installer\31a76.msi Catalyst Control Center Graphics Full Existing [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\B4689E14A587213D0703BF021BF42964]C:\Windows\Installer\31a7d.msi Catalyst Control Center Graphics Full New [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\09BCCD27C492ACBF28B4945DA400094B]C:\Windows\Installer\31a84.msi Catalyst Control Center Graphics Light [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\1D62B8138E64F48A728525C1C32343E6]C:\Windows\Installer\31a8b.msi Catalyst Control Center Localization Chinese Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\756125D9DB2302C57D936D2AE82C0140]C:\Windows\Installer\31bb2.msi Catalyst Control Center Localization Chinese Traditional [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\476F26EDAF27A14801DBF20C8444BB70]C:\Windows\Installer\31bb9.msi Catalyst Control Center Localization Czech [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\0C038F6A5C05EF5EB4B62B5871E81993]C:\Windows\Installer\31b2d.msi Catalyst Control Center Localization Danish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\D25C9A1336683B552BF25D27F167669D]C:\Windows\Installer\31b34.msi Catalyst Control Center Localization Dutch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\B9E7B1A414C68EE85BF562D4CEB22FC2]C:\Windows\Installer\31b7a.msi Catalyst Control Center Localization Finnish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\6EE0C07C66A42440E04E8F6ABBFF9865]C:\Windows\Installer\31b50.msi Catalyst Control Center Localization French [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\C83B215B19363A0FCD40E50960826091]C:\Windows\Installer\31b57.msi Catalyst Control Center Localization German [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\03158CE579BE206304F006926B927F0A]C:\Windows\Installer\31b3b.msi Catalyst Control Center Localization Greek [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\868C94982ECDF4D8B83F4401138F4BFB]C:\Windows\Installer\31b42.msi Catalyst Control Center Localization Hungarian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\C8802B9B9263E4CFA94BAAA638C270B0]C:\Windows\Installer\31b5e.msi Catalyst Control Center Localization Italian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\EF9DEBDB4E662D0319BFE93F0629B670]C:\Windows\Installer\31b65.msi Catalyst Control Center Localization Japanese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\40DF6EF8D8F1231213877C7CC191085C]C:\Windows\Installer\31b6c.msi Catalyst Control Center Localization Korean [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\20E5ABA40854D2A3819C919D93870FE4]C:\Windows\Installer\31b73.msi Catalyst Control Center Localization Norwegian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\094731CD451BEAD9CD59C3A6E9B38E20]C:\Windows\Installer\31b81.msi Catalyst Control Center Localization Polish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\F07DDD58EAE2C055F190C8DABFF2B74D]C:\Windows\Installer\31b88.msi Catalyst Control Center Localization Portuguese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\28779B8FEE1A29243D1A463141F44F05]C:\Windows\Installer\31b8f.msi Catalyst Control Center Localization Russian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\29A5391CCFCC5A71D75E93162F9A781A]C:\Windows\Installer\31b96.msi Catalyst Control Center Localization Spanish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\7F7AA37CACA0B7231BF55B91F944BCFB]C:\Windows\Installer\31b49.msi Catalyst Control Center Localization Swedish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\769EAF04956CC5680003478A82C04EE8]C:\Windows\Installer\31b9d.msi Catalyst Control Center Localization Thai [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\95D91AD29B9E5FBA7ABCAEB1DE2F0CCF]C:\Windows\Installer\31ba4.msi Catalyst Control Center Localization Turkish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\7BB1CD65A64DD8F2A79C4E6DA88AFD20]C:\Windows\Installer\31bab.msi ccc-core-static [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\F1D64D713F797559323F7E997DBA5149]C:\Windows\Installer\31bc8.msi ccc-utility [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\B4C21E7122877E8199105EB617014045]C:\Windows\Installer\31bc0.msi CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\902B49AB88B9E42CA111A01E8D7286FC]C:\Windows\Installer\31b1f.msi CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\24237EAF2856938BE0C591A92E7BC204]C:\Windows\Installer\31b26.msi CCC Help Czech [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\DA3EF49466A670672CA94E8B8A712F18]C:\Windows\Installer\31a93.msi CCC Help Danish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\3B13132E56423629CCFF4EC0255BAA0F]C:\Windows\Installer\31a9a.msi CCC Help Dutch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\144AA01C2FE5A5A1DCA100A2943CD2DF]C:\Windows\Installer\31ae7.msi CCC Help English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\B6FCDCC62BB7F220CABE6994ECC0C3E9]C:\Windows\Installer\31aaf.msi CCC Help Finnish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\1C5CFE3762920F4534DFD38870A6D7CF]C:\Windows\Installer\31abd.msi CCC Help French [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\2854E9A6BDB7C2DAA840C0DDF02E6973]C:\Windows\Installer\31ac4.msi CCC Help German [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\520391544C4CC769D79080E5C276B821]C:\Windows\Installer\31aa1.msi CCC Help Greek [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\0AF60060591108E3C717F9546FCCEDA6]C:\Windows\Installer\31aa8.msi CCC Help Hungarian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\ADCDB000C14F54D0B3A139F6B0A4ECB5]C:\Windows\Installer\31acb.msi CCC Help Italian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\1AC2703704B5BB1274CD836F5498BE3A]C:\Windows\Installer\31ad2.msi CCC Help Japanese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\8912EA3A2CE568C1D33F42BF53A222CC]C:\Windows\Installer\31ad9.msi CCC Help Korean [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\B845DABAB77C7DD0533371FB03EEAFD4]C:\Windows\Installer\31ae0.msi CCC Help Norwegian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\AEE4359D337F351FAB65B8A0DCDA28D7]C:\Windows\Installer\31aee.msi CCC Help Polish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\87443889D28CB78663BD9E1BC5847C3C]C:\Windows\Installer\31af5.msi CCC Help Portuguese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\E3F16334A034D08B42B8676BC2D83548]C:\Windows\Installer\31afc.msi CCC Help Russian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\DEAA9715F87D989E08A187529FA76B47]C:\Windows\Installer\31b03.msi CCC Help Spanish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\81AE4445430AD0B073AEA68EFD1A13CE]C:\Windows\Installer\31ab6.msi CCC Help Swedish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\6D39EB9734044198CB67C6A8F62E4F00]C:\Windows\Installer\31b0a.msi CCC Help Thai [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\2F6960F75F9371AD5710C6D673DB054E]C:\Windows\Installer\31b11.msi CCC Help Turkish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\5468CA6C33ED3655062D728EA36AABFD]C:\Windows\Installer\31b18.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\5cfe2d.msi Java Auto Updater [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401]C:\Windows\Installer\12d6a9.msi Java(TM) 6 Update 11 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF238120611FF]C:\Windows\Installer\8a5cb9.msi Java(TM) 6 Update 4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004]C:\Windows\Installer\7a0732.msi Java(TM) 6 Update 7 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007]C:\Windows\Installer\49a4fe.msi LightScribe 1.4.142.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\E4A683ECAD0D80242853CB4E23576C49]C:\Windows\Installer\1ac8c.msi Microsoft .NET Framework 1.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\DDE7F2BCF1D91C3409CFF425AE1E271A]C:\Windows\Installer\78023a.msi Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\26DDC2EC4210AC63483DF9D4FCC5B59D]c:\Windows\Installer\50e9d8.msi Microsoft Office Access MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109510090400000000000F01FEC]C:\Windows\Installer\1abd0.msi Microsoft Office Access Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109711090400000000000F01FEC]C:\Windows\Installer\1abd6.msi Microsoft Office Excel MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109610090400000000000F01FEC]C:\Windows\Installer\1abdc.msi Microsoft Office Outlook MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109A10090400000000000F01FEC]C:\Windows\Installer\1abe2.msi Microsoft Office PowerPoint MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109810090400000000000F01FEC]C:\Windows\Installer\1abe8.msi Microsoft Office Professional Hybrid 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002119130000000000000000F01FEC]C:\Windows\Installer\1ac15.msi Microsoft Office Proof (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC]C:\Windows\Installer\1abfc.msi Microsoft Office Proof (French) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC]C:\Windows\Installer\1abf5.msi Microsoft Office Proof (Spanish) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109F100A0C00000000000F01FEC]C:\Windows\Installer\1abee.msi Microsoft Office Proofing (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109C20090400000000000F01FEC]C:\Windows\Installer\1ac02.msi Microsoft Office Publisher MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109910090400000000000F01FEC]C:\Windows\Installer\53be04.msi Microsoft Office Shared MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109E60090400000000000F01FEC]C:\Windows\Installer\53be10.msi Microsoft Office Shared Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109511090400000000000F01FEC]C:\Windows\Installer\1abca.msi Microsoft Office Word MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\00002109B10090400000000000F01FEC]C:\Windows\Installer\53be0a.msi Microsoft SQL Server 2005 Express Edition [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\7DDFFFA258DE09A4C825D59ABECDB9F8]C:\Windows\Installer\1ac61.msi Microsoft SQL Server Native Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\D3980A058D740E847A8E44CB7D4E24E2]C:\Windows\Installer\1ac45.msi Microsoft SQL Server Setup Support Files (English) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\EE3C5F35DE50038499B4052B0F5DF0EC]C:\Windows\Installer\1ac4b.msi Microsoft SQL Server VSS Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\416F2D0C5EC5BCD468875E9CFA07448F]C:\Windows\Installer\1ac5a.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\12da9.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\F942F94A19C0F79468FD2B85E5E8677B]C:\Windows\Installer\31a68.msi MSN Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\21696C01B7105F549B68D711D3A5E23A]C:\Windows\Installer\8a5cc4.msi MSXML 4.0 SP2 (KB936181) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\0E23E40C6140D434FA9B96967D309AFE]C:\Windows\Installer\6dbc4.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\68b82.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\856fb.msi NTI Backup Now Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\4A1AFE21B3CAC344183432E7ED674030]C:\Windows\Installer\1ac91.msi NTI Media Maker 8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\C039314290386A74CB16E52FA72422CB]C:\Windows\Installer\1ac85.msi NTI Shadow [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\AC6AE7F64F970A443A07E828BB6135A4]C:\Windows\Installer\1ac97.msi OpenOffice.org 2.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\BD0C2DC23C18B614F96A85B9295353B9]C:\Windows\Installer\7a0736.msi RPS CRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\2E94785264A31B24A910FB79A70AF6CA]C:\Windows\Installer\83057e.msi StuffIt 12 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\484C3DE9200DD4D4B93F3CFD0984EED7]C:\Windows\Installer\7a073a.msi Trend Micro Titanium [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\9AB4DBBA30762D04BAE1B51B7FBD944A]C:\Windows\Installer\3abfd.msi Vz In Home Agent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\194E6196FBB8A8E4FADA0D31700C955E]C:\Windows\Installer\146099.msi WinDVD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\UserData\S-1-5-18\Products\864FBEF52CA566C4DA08FD580C58AA37]C:\Windows\Installer\31c01.msi ==== Deleting CLSID Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1135095979-448020807-1748827012-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-1135095979-448020807-1748827012-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully ==== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office system Acer Assist Acer Crystal Eye Webcam 2.0.8 Acer Empowering Technology Acer ePower Management Acer eRecovery Management Acer GridVista Acer Mobility Center Plug-In Acer Registration Acer ScreenSaver Adobe Flash Player 12 ActiveX Adobe Reader 8.1.3 AMD USB Audio Driver Filter ATI Catalyst Install Manager Broadcom Gigabit Integrated Controller Business Contact Manager for Outlook 2007 SP1 Carbonite Online Backup Setup Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center InstallProxy Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Google Chrome Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) InterVideo WinDVD 8 Java Auto Updater Java(TM) 6 Update 29 Java(TM) 6 Update 4 Java(TM) 6 Update 7 Lake Scenes Screen Saver Launch Manager LightScribe 1.4.142.1 McAfee Security Scan Plus McAfee SiteAdvisor McAfee Virtual Technician Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 Redistributable Mozilla Sunbird (0.5) MSN Toolbar MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 NTI Shadow O2Micro Flash Memory Card Reader Driver (x86) O2Micro Flash Memory Card Reader Driver Installer(x86) OpenOffice.org 2.4 Realtek High Definition Audio Driver RPS CRT Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) StuffIt 12 Synaptics Pointing Device Driver Trend Micro Titanium Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Office 2007 (KB946691) Verizon Help and Support Tool Verizon High Speed Internet Verizon Online Help and Support Verizon Servicepoint 3.7.44 Vz In Home Agent ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Verizon\VSP\ServicepointService.exe C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Verizon\VSP\VerizonServicepoint.exe C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\phall707\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_12_ 0_0_77_ActiveX.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.ex e C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\phall707\Desktop\zoek.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k swprv ==== Batch Command(s) Run By Tool====================== Volume in drive C is ACER Volume Serial Number is 240E-99D1 Directory of C:\ 11/02/2006 09:02 AM <JUNCTION> Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData] 11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop] 11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents] 11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites] 11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users 11/02/2006 09:02 AM <SYMLINKD> All Users [C:\ProgramData] 11/02/2006 09:02 AM <JUNCTION> Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData] 11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop] 11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents] 11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites] 11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default 11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming] 11/02/2006 09:02 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Cookies] 11/02/2006 09:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local] 11/02/2006 06:23 AM <JUNCTION> Music [C:\Users\Default\Music] 11/02/2006 09:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents] 11/02/2006 09:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Network Shortcuts] 11/02/2006 06:23 AM <JUNCTION> Pictures [C:\Users\Default\Pictures] 11/02/2006 09:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Printer Shortcuts] 11/02/2006 09:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Recent] 11/02/2006 09:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows \SendTo] 11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu] 11/02/2006 09:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows \Templates] 11/02/2006 06:23 AM <JUNCTION> Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local] 11/02/2006 09:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\H istory] 11/02/2006 09:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\T emporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local\Microsoft\Windows 11/02/2006 09:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\H istory] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Default\Music] 11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures] 11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\phall707 10/11/2008 02:22 AM <JUNCTION> Application Data [C:\Users\phall707\AppData\Roaming] 10/11/2008 02:22 AM <JUNCTION> Cookies [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Cookies] 10/11/2008 02:22 AM <JUNCTION> Local Settings [C:\Users\phall707\AppData\Local] 10/11/2008 02:22 AM <JUNCTION> My Documents [C:\Users\phall707\Documents] 10/11/2008 02:22 AM <JUNCTION> NetHood [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Network Shortcuts] 10/11/2008 02:22 AM <JUNCTION> PrintHood [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Printer Shortcuts] 10/11/2008 02:22 AM <JUNCTION> Recent [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Recent] 10/11/2008 02:22 AM <JUNCTION> SendTo [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\SendTo] 10/11/2008 02:22 AM <JUNCTION> Start Menu [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu] 10/11/2008 02:22 AM <JUNCTION> Templates [C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Templates] 0 File(s) 0 bytes Directory of C:\Users\phall707\AppData\Local 10/11/2008 02:22 AM <JUNCTION> Application Data [C:\Users\phall707\AppData\Local] 10/11/2008 02:22 AM <JUNCTION> History [C:\Users\phall707\AppData\Local\Microsoft\Windows\ History] 10/11/2008 02:22 AM <JUNCTION> Temporary Internet Files [C:\Users\phall707\AppData\Local\Microsoft\Windows\ Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Public 11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Public\Music] 11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures] 11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 52 Dir(s) 32,654,020,608 bytes free ((needed to shorten message see part 2 in thread - System Cleaning on a Laptop (Zoek Report Part 2)))
|
|
#5
March 18th, 2014, 06:33 PM
|
|||
|
|||
|
((System Cleaning on a Laptop (Zoek Report Part 2 ))
==== Deleting Files \ Folders ====================== C:\Windows\system32\appdata deleted "C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$6d0739aa4577bb01a971cb47001c4672\@" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\00000004.@" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\201d3dde" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\76603ac3" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\00000004.@" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\201d3dde" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L\76603ac3" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672" deleted "C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$6d0739aa4577bb01a971cb47001c4672" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\U" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\L" deleted "C:\$RECYCLE.BIN\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\U" deleted "C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$6d0739aa4577bb01a971cb47001c4672\L" deleted "C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$6d0739aa4577bb01a971cb47001c4672\U" deleted ==== Registry Search Results for "$6d0739aa4577bb01a971cb47001c4672" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32] @="C:\\$Recycle.Bin\\S-1-5-18\\$6d0739aa4577bb01a971cb47001c4672\\n." [HKEY_USERS\S-1-5-21-1135095979-448020807-1748827012-1003\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32] @="C:\\$Recycle.Bin\\S-1-5-21-1135095979-448020807-1748827012-1003\\$6d0739aa4577bb01a971cb47001c4672\\n." [HKEY_USERS\S-1-5-21-1135095979-448020807-1748827012-1003_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32] @="C:\\$Recycle.Bin\\S-1-5-21-1135095979-448020807-1748827012-1003\\$6d0739aa4577bb01a971cb47001c4672\\n." ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\phall707\AppData\Local\Temp ==== 2014-03-17 19:16:29 393BA6CDDC61FF9E8CDB642D2C981D63 35177604 ----a-w- C:\Users\phall707\AppData\Local\Temp\{6DF2D68B-CB7A-4000-8DED-AFC055733485}-33.0.1750.154_chrome_installer.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Users\phall707\AppData\Roaming ====== ====== C:\Users\phall707 ====== ====== C: exe-files == 2014-03-18 14:08:32 C9BD63D795B6D1661125C519B361CD3C 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$IAEN3WJ.exe 2014-03-18 12:10:16 B3E2F3C3E6A9373DA238922662B7B59C 36838104 ----a-w- C:\Program Files\Google\Update\Install\{AF0D09F3-A375-4BE9-BE21-1C157C871C3F}\33.0.1750.154_chrome_installer.exe 2014-03-18 12:09:05 B3E2F3C3E6A9373DA238922662B7B59C 36838104 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_chrome_i nstaller.exe 2014-03-17 22:30:28 E7A2D42DDFE1AF501E06D27A11C170DE 827456 ----a-w- C:\Windows\Temp\0268751395095428mcinst.exe 2014-03-17 22:29:44 A7A1FCC6BC13EC872C7B36F7283243D1 67120 ----a-w- C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\TmExtIns.exe 2014-03-17 21:18:48 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$RAEN3WJ.exe 2014-03-17 20:20:27 E7A2D42DDFE1AF501E06D27A11C170DE 827456 ----a-w- C:\Windows\Temp\0014001395087627mcinst.exe 2014-03-17 19:31:12 D7DEBCEAF5FADFFC7FE33AA714D7EEF2 1047560 ----a-w- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe 2014-03-17 19:31:12 14E307C6CF6AEFB3ADA406A719A2E339 132920 ----a-w- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe 2014-03-17 19:16:29 393BA6CDDC61FF9E8CDB642D2C981D63 35177604 ----a-w- C:\Users\phall707\AppData\Local\Temp\{6DF2D68B-CB7A-4000-8DED-AFC055733485}-33.0.1750.154_chrome_installer.exe 2014-03-17 19:11:34 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand. exe 2014-03-17 19:11:34 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.ex e 2014-03-17 19:11:32 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe 2014-03-17 19:08:52 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64. exe 2014-03-17 19:08:50 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.ex e 2014-03-17 19:08:39 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe 2014-03-17 19:08:29 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe === C: other files == 2014-03-17 19:31:50 C124CB5EC80E0DD43FF7E562D71381D9 152850 ----a-w- C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\Helper\chrome_tmb ep.crx 2014-03-17 19:31:44 C124CB5EC80E0DD43FF7E562D71381D9 152850 ------w- C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\chrome_t mbep.crx ======== System Restore Points ======== RP258: 11/20/2012 3:00:18 AM - Windows Update RP259: 11/22/2012 12:27:40 PM - Windows Update RP260: 11/22/2012 12:31:39 PM - Installed Java(TM) 6 Update 37 RP261: 11/24/2012 4:38:41 PM - Windows Update RP262: 12/8/2012 2:30:36 PM - Windows Update RP263: 12/22/2012 4:36:06 PM - Device Driver Package Install: Trend Micro Inc. RP264: 12/22/2012 4:37:34 PM - Device Driver Package Install: Trend Micro Inc. RP265: 12/22/2012 4:37:56 PM - Device Driver Package Install: Trend Micro Inc. RP267: 2/7/2013 12:08:22 PM - Removed Retrospect Express HD 2.0. RP268: 2/7/2013 12:09:21 PM - Removed MSN Toolbar RP270: 2/7/2013 12:11:41 PM - Removed eSobi v2 RP272: 2/7/2013 1:17:45 PM - Removed 2007 Microsoft Office system RP274: 2/7/2013 1:20:52 PM - Removed 2007 Microsoft Office system RP276: 2/7/2013 5:58:04 PM - Removed AQUAZONE OpenWater RP277: 2/7/2013 6:01:27 PM - Removed IHA_MessageCenter RP278: 2/7/2013 6:12:19 PM - Installed Adobe Flash Player 10 ActiveX. RP279: 2/7/2013 6:18:09 PM - Removed Retrospect Express HD 2.0. RP280: 3/18/2014 1:05:18 PM - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" "ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" "Acer Assist Launcher"="C:\Program Files\Acer\Acer Assist\launcher.exe" "Acer Product Registration"="C:\Program Files\Acer\Acer Registration\ACE1.exe /startup" "Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" "RPS Unicorn Install Reboot"="C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\InstallLauncher.exe IIGUID={B1DE91EA-1BFA-44EA-9FCC-B5162CE9ACE6}" "CarboniteSetupLite"="C:\Program Files\Carbonite\CarbonitePreinstaller.exe /preinstalled /showonfirst /reshowat=1800" "VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe /AUTORUN" "Trend Micro Titanium"="C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent 1 SplashURL " "Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="Search Protection" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YSearchProtection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="YSearchProtection" "hkey"="HKCU" "command"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\"" ==== Startup Folders ====================== 2010-02-05 05:23:22 1044 ----a-w- C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk 2010-02-05 05:08:55 1915 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [03/17/2014 03:08 PM] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/07/2013 07:22 PM] C:\Windows\tasks\vtscheduletask.job --a------ C:\Program Files\McAfee\Supportability\MVT\MvtApp.exe [10/28/2010 03:25 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachine Core" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachine UA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\User_Feed_Synchronizati on-{C40A0E30-99E1-4E1C-BA56-05C6CD3D3657}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\vtscheduletask" [C:\Program Files\McAfee\Supportability\MVT\MvtApp.exe] "C:\Windows\system32\tasks\Acer\Acer Assist\New Message Check - phall707" [C:\Program Files\Acer\Acer Assist\AcerAssist.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extens ions] "{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension" [03/17/2014 06:29 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\phall707\AppData\Roaming\Mozilla\Sunbird\ Profiles\iltx7hj9.default - Talkback - C:\Program Files\Mozilla Sunbird\extensions\talkback@mozilla.org ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensio ns bmiabdepfhhiieiipmeecdmeljggmfee - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_t mbep.crx[08/20/2013 04:04 AM] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[10/02/2013 03:05 PM] YouTube - phall707\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo TrendMicro BEP Extension - phall707\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmelj ggmfee Google Search - phall707\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf SiteAdvisor - phall707\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepao oicaho Gmail - phall707\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia ==== Uninstall List x86 ====================== 2007 Microsoft Office system [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\PROHYBRIDR] Acer Assist [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Acer Assist] Acer Crystal Eye Webcam 2.0.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}] Acer Empowering Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{8F1B6239-FEA0-450A-A950-B05276CE177C}] Acer ePower Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{58E5844B-7CE2-413D-83D1-99294BF6C74F}] Acer eRecovery Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{7F811A54-5A09-4579-90E1-C93498E230D9}] Acer GridVista [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\GridVista] Acer Mobility Center Plug-In [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{11316260-6666-467B-AC34-183FCB5D4335}] Acer Registration [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Acer Registration] Acer ScreenSaver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}] Adobe Flash Player 12 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Reader 8.1.3 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81300000003}] AMD USB Audio Driver Filter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A3AB35FA-943E-4799-99DC-46EFD59E998F}] ATI Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{ECE1EE17-9068-A1ED-BEAE-26F54EF14F83}] Broadcom Gigabit Integrated Controller [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A64A5576-D862-44F8-89DC-2B17FCC9B86E}] Business Contact Manager for Outlook 2007 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{B32C4059-6E7A-41EF-AD20-56DF1872B923}] Business Contact Manager for Outlook 2007 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Business Contact Manager] Carbonite Online Backup Setup [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Carbonite Setup Lite] Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}] Catalyst Control Center Core Implementation [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{DF320EE9-D279-0B91-A036-7707D653672A}] Catalyst Control Center Graphics Full Existing [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{41E9864B-785A-D312-7030-FB20B14F9246}] Catalyst Control Center Graphics Full New [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{72DCCB90-294C-FBCA-824B-49D54A0090B4}] Catalyst Control Center Graphics Light [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{318B26D1-46E8-A84F-2758-521C3C32346E}] Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{B7273DAD-1972-0971-C126-B54B63D7F207}] Catalyst Control Center Localization Chinese Standard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{9D521657-32BD-5C20-D739-D6A28EC21004}] Catalyst Control Center Localization Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{DE62F674-72FA-841A-10BD-2FC04844BB07}] Catalyst Control Center Localization Czech [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A6F830C0-50C5-E5FE-4B6B-B285178E9139}] Catalyst Control Center Localization Danish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{31A9C52D-8663-55B3-B22F-D5721F7666D9}] Catalyst Control Center Localization Dutch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{4A1B7E9B-6C41-8EE8-B55F-264DEC2BF22C}] Catalyst Control Center Localization Finnish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C70C0EE6-4A66-0442-0EE4-F8A6BBFF8956}] Catalyst Control Center Localization French [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{B512B38C-6391-F0A3-DC04-5E9006280619}] Catalyst Control Center Localization German [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{5EC85130-EB97-3602-400F-6029B629F7A0}] Catalyst Control Center Localization Greek [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{8949C868-DCE2-8D4F-8BF3-441031F8B4BF}] Catalyst Control Center Localization Hungarian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{B9B2088C-3629-FC4E-9AB4-AA6A832C070B}] Catalyst Control Center Localization Italian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{BDBED9FE-66E4-30D2-91FB-9EF360926B07}] Catalyst Control Center Localization Japanese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{8FE6FD04-1F8D-2132-3178-C7C71C1980C5}] Catalyst Control Center Localization Korean [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{4ABA5E02-4580-3A2D-18C9-19D93978F04E}] Catalyst Control Center Localization Norwegian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{DC137490-B154-9DAE-DC95-3C6A9E3BE802}] Catalyst Control Center Localization Polish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{85DDD70F-2EAE-550C-1F09-8CADFB2F7BD4}] Catalyst Control Center Localization Portuguese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{F8B97782-A1EE-4292-D3A1-6413144FF450}] Catalyst Control Center Localization Russian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C1935A92-CCFC-17A5-7DE5-3961F2A987A1}] Catalyst Control Center Localization Spanish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C73AA7F7-0ACA-327B-B15F-B5199F44CBBF}] Catalyst Control Center Localization Swedish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{40FAE967-C659-865C-0030-74A8280CE48E}] Catalyst Control Center Localization Thai [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{2DA19D59-E9B9-ABF5-A7CB-EA1BEDF2C0FC}] Catalyst Control Center Localization Turkish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{56DC1BB7-D46A-2F8D-7AC9-E4D68AA8DF02}] ccc-core-static [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{17D46D1F-97F3-9557-23F3-E799D7AB1594}] ccc-utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{17E12C4B-7822-18E7-9901-E56B71100454}] CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{BA94B209-9B88-C24E-1A11-0AE1D82768CF}] CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{FAE73242-6582-B839-0E5C-199AE2B72C40}] CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{494FE3AD-6A66-7607-C29A-E4B8A817F281}] CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{E23131B3-2465-9263-CCFF-E40C52B5AAF0}] CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C10AA441-5EF2-1A5A-CD1A-002A49C32DFD}] CCC Help English [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{6CCDCF6B-7BB2-022F-ACEB-9649CE0C3C9E}] CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{73EFC5C1-2926-54F0-43FD-3D88076A7DFC}] CCC Help French [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{6A9E4582-7BDB-AD2C-8A04-0CDD0FE29637}] CCC Help German [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{45193025-C4C4-967C-7D09-085E2C678B12}] CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{06006FA0-1195-3E80-7C71-9F45F6CCDE6A}] CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{000BDCDA-F41C-0D45-3B1A-936F0B4ACE5B}] CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{73072CA1-5B40-21BB-47DC-38F64589EBA3}] CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A3AE2198-5EC2-1C86-3DF3-24FB352A22CC}] CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{ABAD548B-C77B-0DD7-3533-17BF30EEFA4D}] CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{D9534EEA-F733-F153-BA56-8B0ACDAD827D}] CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{98834478-C82D-687B-36DB-E9B15C48C7C3}] CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{43361F3E-430A-B80D-248B-76B62C8D5384}] CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{5179AAED-D78F-E989-801A-7825F97AB674}] CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{5444EA18-A034-0B0D-37EA-6AE8DFA131EC}] CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{79BE93D6-4043-8914-BC76-6C8A6FE2F400}] CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{7F0696F2-39F5-DA17-7501-6C6D37BD50E4}] CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C6AC8645-DE33-5563-60D2-27E83AA6BADF}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HDAUDIO Soft Data Fax Modem with SmartCP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&D EV_2BFAOR2C06_118] InterVideo WinDVD 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}] InterVideo WinDVD 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}] Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] Java(TM) 6 Update 29 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216011FF}] Java(TM) 6 Update 4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}] Java(TM) 6 Update 7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}] Lake Scenes Screen Saver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Lake Scenes Screen Saver] Launch Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\LManager] LightScribe 1.4.142.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{CE386A4E-D0DA-4208-8235-BCE43275C694}] McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\McAfee Security Scan] McAfee SiteAdvisor [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}] McAfee Virtual Technician [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\McAfee Virtual Technician] Microsoft .NET Framework 1.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] Microsoft .NET Framework 1.1 Security Update (KB2416447) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\M2416447] Microsoft .NET Framework 1.1 Security Update (KB979906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\M979906] Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}] Microsoft SQL Server 2005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Microsoft SQL Server 2005] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}] Microsoft SQL Server Native Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}] Microsoft SQL Server Setup Support Files (English) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}] Microsoft SQL Server VSS Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{A49F249F-0C91-497F-86DF-B2585E8E76B7}] Mozilla Sunbird (0.5) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Mozilla Sunbird (0.5)] MSN Toolbar [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{10C69612-017B-45F5-B986-7D113D5A2EA3}] MSXML 4.0 SP2 (KB936181) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] NTI Backup Now 5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}] NTI Backup Now Standard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{12EFA1A4-AC3B-443C-8143-237EDE760403}] NTI Media Maker 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{2413930C-8309-47A6-BC61-5EF27A4222BC}] NTI Media Maker 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}] NTI Shadow [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}] NTI Shadow [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}] O2Micro Flash Memory Card Reader Driver (x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{61B9BC1E-F0E6-4A4F-98CB-A0D2EB2D7731}] O2Micro Flash Memory Card Reader Driver Installer(x86) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{372B31CF-77FB-4E29-860C-A0EA2985AB7F}] OpenOffice.org 2.4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{2CD2C0DB-81C3-416B-9FA6-589B9235359B}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] RPS CRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{258749E2-3A46-42B1-9A01-BF977AA06FAC}] StuffIt 12 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}] Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\SynTPDeinstKey] Trend Micro Titanium [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}] Trend Micro Titanium [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}] Verizon Help and Support Tool [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Verizon Help and Support] Verizon High Speed Internet [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Verizon High Speed Internet_is1] Verizon Online Help and Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\Verizon Online Help and Support] Verizon Servicepoint 3.7.44 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\RadialpointClientGateway_is1] Vz In Home Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Uninstall\{6916E491-8BBF-4E8A-AFAD-D01307C059E5}] ==== HijackThis Entries ====================== R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg. dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32 .dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [PLFSetI] "C:\Windows\PLFSetI.exe" O4 - HKLM\..\Run: [LManager] "C:\PROGRA~1\LAUNCH~1\LManager.exe" O4 - HKLM\..\Run: [ePower_DMC] "C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer\Acer Assist\launcher.exe" O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" O4 - HKLM\..\Run: [RPS Unicorn Install Reboot] "C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\InstallLauncher.exe" IIGUID={B1DE91EA-1BFA-44EA-9FCC-B5162CE9ACE6} O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: *.verizon.net O15 - Trusted IP range: 192.168.1.1 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32 .dll O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg. dll O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiv eX.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: McAfee Application Installer Cleanup (0268751395095428) (0268751395095428mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\026875~1.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing) O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe ==== C:\zoek_backup content ====================== C:\zoek_backup (files=6 folders=10 265714 bytes) ==== After Reboot ====================== ==== EOF on Tue 03/18/2014 at 13:20:51.70 ======================
|
|
#6
March 18th, 2014, 11:32 PM
|
||||
|
||||
|
Hi ihrescue, Thanks for the Logs.
Please uninstall Trend Micro. Uninstalling Trend Micro program using the Trend Micro Diagnostic Toolkit: http://esupport.trendmicro.com/solut...ferral=1056551 Then system restart. ------------------------------------------------------------ Step 1: Please download AdwCleaner by Xplode and save to your Desktop.
Step 2: RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running. As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included. Please download Rkill by Grinler from one of the links below and save it to your desktop. Link 1 Link 2
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
------------- Please make sure you include the following items in your next post: 1.Adwcleaner Log. 2.Rkill Log. 3.MalwareBytes Log. Good day.
|
|
#7
March 19th, 2014, 02:24 AM
|
|||
|
|||
|
System Cleaning on a Laptop
I am hoping I didn't make a mistake. I ran the MBAM, selected the bad files and cleaned them off. Then I got a prompt to click to reboot to clean them off permanently. The computer went through the Windows shutdown and re-started but Windows has not come back up after a very long time. Do you have any suggestions how to proceed? Since I was at the end of the MBAM process when it gave the prompt to reboot I did not close MBAM before it rebooted.
Mike Love
|
|
#8
March 19th, 2014, 02:58 AM
|
|||
|
|||
|
I was able to go through the task manager and restart and finally got the desktop image. All seems to be okay. The three log reports are as follows.
************************************************** ******** Resulting Log Reports ************************************************** ** # AdwCleaner v3.022 - Report created 18/03/2014 at 20:10:05 # Updated 13/03/2014 by Xplode # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Username : phall707 - PHALL707-PC # Running from : C:\Users\phall707\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\phall707\Desktop\Search.lnk Folder Found C:\Program Files\Freeze.com Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeze.com Folder Found C:\ProgramData\WeCareReminder ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\wecarereminder Key Found : HKCU\Software\YahooPartnerToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder. 1 Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1 Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Found : HKLM\Software\Freeze.com Key Found : HKLM\Software\InstallIQ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16455 -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\phall707\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [3812 octets] - [18/03/2014 20:10:05] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3872 octets] ########## ************************************************** ********** Rkill 2.6.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 03/18/2014 08:18:49 PM in x86 mode. Windows Version: Windows Vista (TM) Home Premium Service Pack 2 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Windows\PLFSetI.exe (PID: 3660) [WD-HEUR] * C:\Users\phall707\AppData\Local\Temp\RtkBtMnt.exe (PID: 3360) [UP-HEUR] * C:\Users\phall707\AppData\Local\Temp\RtkBtMnt.exe (PID: 3360) [T-HEUR] * C:\Users\phall707\AppData\Local\Temp\1395187580\Ch romeHelperProc.exe (PID: 4632) [T-HEUR] 4 proccesses terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * ALERT: ZEROACCESS rootkit symptoms found! * C:\Windows\assembly\GAC\Desktop.ini [ZA File] Checking Windows Service Integrity: * Security Center (wscsvc) is not Running. Startup Type set to: Automatic * Windows Update (wuauserv) is not Running. Startup Type set to: Automatic * WinDefend [Missing Service] * wscsvc => "C:\Windows\system32\wscsvc.dll" [Incorrect ServiceDLL] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost Program finished at: 03/18/2014 08:20:07 PM Execution time: 0 hours(s), 1 minute(s), and 18 seconds(s) ************************************************** ***************** 2014/03/18 20:25:07 -0400 PHALL707-PC phall707 MESSAGE Starting protection 2014/03/18 20:25:07 -0400 PHALL707-PC phall707 MESSAGE Protection started successfully 2014/03/18 20:25:07 -0400 PHALL707-PC phall707 MESSAGE Starting IP protection 2014/03/18 20:25:42 -0400 PHALL707-PC phall707 MESSAGE IP Protection started successfully 2014/03/18 20:25:42 -0400 PHALL707-PC phall707 MESSAGE Starting database refresh 2014/03/18 20:25:42 -0400 PHALL707-PC phall707 MESSAGE Stopping IP protection 2014/03/18 20:25:44 -0400 PHALL707-PC phall707 MESSAGE IP Protection stopped successfully 2014/03/18 20:25:50 -0400 PHALL707-PC phall707 MESSAGE Database refreshed successfully 2014/03/18 20:25:50 -0400 PHALL707-PC phall707 MESSAGE Starting IP protection 2014/03/18 20:26:02 -0400 PHALL707-PC phall707 MESSAGE IP Protection started successfully 2014/03/18 21:08:36 -0400 PHALL707-PC phall707 MESSAGE Starting protection 2014/03/18 21:08:36 -0400 PHALL707-PC phall707 MESSAGE Protection started successfully 2014/03/18 21:08:36 -0400 PHALL707-PC phall707 MESSAGE Starting IP protection 2014/03/18 21:08:46 -0400 PHALL707-PC phall707 MESSAGE IP Protection started successfully 2014/03/18 21:44:05 -0400 PHALL707-PC phall707 MESSAGE Starting protection 2014/03/18 21:44:05 -0400 PHALL707-PC phall707 MESSAGE Protection started successfully 2014/03/18 21:44:05 -0400 PHALL707-PC phall707 MESSAGE Starting IP protection 2014/03/18 21:44:19 -0400 PHALL707-PC phall707 MESSAGE IP Protection started successfully ************************************************** ********************* Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.18.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 phall707 :: PHALL707-PC [administrator] Protection: Enabled 3/18/2014 8:26:25 PM mbam-log-2014-03-18 (20-26-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221219 Time elapsed: 17 minute(s), 22 second(s) Memory Processes Detected: 2 C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> 3744 -> Delete on reboot. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts.A) -> 3120 -> Delete on reboot. Memory Modules Detected: 3 C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot. C:\Users\phall707\AppData\Local\ArcadeParlor\Arcad eparlor.dll (PUP.Optional.ArcadeParlor.A) -> Delete on reboot. Registry Keys Detected: 24 HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\IEHelperv250.WeCareReminder.1 (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\IEHelperv250.WeCareReminder (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. HKCR\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\CLSID\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{B3201ABA-7CDE-4C8D-A28D-4316427BD6D1} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\Interface\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCR\CLSID\{B60591CD-AA25-4261-B05A-77826471C0A3} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> Quarantined and deleted successfully. HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully. HKCR\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Settings\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \Stats\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKCR\Interface\{96B4DEA0-F89C-475C-8124-B247260B7CB5} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\{B74443DB-5A88-4583-860A-F0D06EF399E3} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Yahoo! Companion (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$6d0739aa4577bb01a971cb47001c4672\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully. Folders Detected: 15 C:\ProgramData\WeCareReminder (PUP.Optional.WeCare.A) -> Delete on reboot. C:\ProgramData\WeCareReminder\wecarereminder@bryan (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome\logo (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \components (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \defaults (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \defaults\preferences (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\Weather_Notificati ons,_LL (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\Weather_Notificati ons,_LL\SevereWeatherAlerts.exe_Url_3b5vjqoj1ynvjj afuuyj04erk1ju5thi (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\Weather_Notificati ons,_LL\SevereWeatherAlerts.exe_Url_3b5vjqoj1ynvjj afuuyj04erk1ju5thi\1.21.0.0 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Delete on reboot. C:\Users\phall707\AppData\Roaming\InstallX Search Protect for Yahoo (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. Files Detected: 150 C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts.A) -> Delete on reboot. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts.A) -> Delete on reboot. C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (PUP.Optional.WeCare.A) -> Delete on reboot. C:\ProgramData\WeCareReminder\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\$RECYCLE.BIN\S-1-5-21-1135095979-448020807-1748827012-1003\$RL0H0VC.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\uninstall.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\MerchantHash.json (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\cleanwateraction.bmp (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\IEHelperv2.5.0PS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\IEMenuItem.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\IEMenuItemPS.dll (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\IEToolMenuDisable.ex e (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminderro.crx (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome.manifest (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \install.rdf (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome\wecarereminder.jar (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome\logo\default_serp.gif (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \chrome\logo\wecare_logo.bmp (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \components\httpModifyListener.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \components\WCR_MerchantHash.idl (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \components\WCR_MerchantHash.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \components\WCR_MerchantHash.xpt (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\ProgramData\WeCareReminder\wecarereminder@bryan \defaults\preferences\wecarereminder.js (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlerts.exe.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\ICSharpCode.SharpZipLib.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\mod.SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsBrowser.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsK.dat.U.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SevereWeatherAlertsU.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\SWAUpdater.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.0.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.1.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.10.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.100.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.101.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.11.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.12.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.13.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.14.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.15.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.16.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.17.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.18.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.19.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.2.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.20.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.21.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.22.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.23.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.24.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.25.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.27.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.28.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.29.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.3.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.30.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.31.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.32.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.33.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.34.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.35.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.36.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.37.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.38.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.39.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.4.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.40.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.41.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.42.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.43.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.26.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.44.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.62.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.80.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.45.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.46.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.47.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.48.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.49.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.5.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.50.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.51.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.52.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.53.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.54.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.55.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.56.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.57.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.58.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.59.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.6.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.60.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.61.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.63.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.64.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.65.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.66.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.67.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.68.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.69.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.7.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.70.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.71.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.72.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.73.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.74.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.75.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.76.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.77.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.78.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.79.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.8.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.81.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.82.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.83.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.84.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.85.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.86.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.87.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.88.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.89.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.9.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.90.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.91.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.92.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.93.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.94.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.95.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.96.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.97.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.98.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\SevereWeatherAlert s\0318200633\3699.99.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Windows\Tasks\ArcadeParlor.job (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\Weather_Notificati ons,_LL\SevereWeatherAlerts.exe_Url_3b5vjqoj1ynvjj afuuyj04erk1ju5thi\1.21.0.0\user.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\ArcadeParlor\ap.co nfig (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\ArcadeParlor\Arcad eparlor.dll (PUP.Optional.ArcadeParlor.A) -> Delete on reboot. C:\Users\phall707\AppData\Local\ArcadeParlor\broke r.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\ArcadeParlor\remov al.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Local\ArcadeParlor\versi oncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. C:\Users\phall707\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log (PUP.Optional.InstallX.A) -> Quarantined and deleted successfully. (end)
|
|
#9
March 19th, 2014, 04:50 PM
|
||||
|
||||
|
Hi ihrescue, thanks for the Logs.
**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again. Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection. If you would like to format and reinstall your Operating System please let me know. If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.  ************************************************** ****** For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. Plug the flashdrive into the infected PC. Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:
To enter System Recovery Options by using Windows installation disc:
On the System Recovery Options menu you will get the following options:Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt
Good day.
|
|
#10
March 19th, 2014, 05:26 PM
|
|||
|
|||
|
I am going to go ahead and perform the cleaning you recommended above. Will I need to send you anymore log reports?
Also a question. Once I complete this last cleaning can I go ahead and install Trend Micro Titanium? You have been a big help and I thank you. Mike Love
|
|
#11
March 19th, 2014, 05:41 PM
|
||||
|
||||
|
Quote:
Quote:
|
|
#12
March 19th, 2014, 09:20 PM
|
|||
|
|||
|
SUBJECT: System cleaning on a laptop - Log Report from Farbar Recovery Scan Tool
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by SYSTEM on MINWINPC on 19-03-2014 16:08:04 Running from G:\ Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34040 2008-04-06] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-22] (Synaptics, Inc.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-07-31] (Realtek Semiconductor) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-07-31] (Realtek Semiconductor Corp.) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [864576 2008-05-08] (Dritek System Inc.) HKLM\...\Run: [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [397312 2008-04-30] (Acer Inc.) HKLM\...\Run: [eRecoveryService] - [X] HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] () HKLM\...\Run: [Acer Product Registration] - C:\Program Files\Acer\Acer Registration\ACE1.exe [3387392 2007-11-26] (Leader Technologies) HKLM\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [Verizon_McciTrayApp] - C:\Program Files\Verizon\McciTrayApp.exe [1565696 2010-03-17] (Alcatel-Lucent) HKLM\...\Run: [RPS Unicorn Install Reboot] - "C:\Program Files\InstallShield Installation Information\{13F8BD99-B753-4007-A060-7EAE3891756F}\InstallLauncher.exe" IIGUID={B1DE91EA-1BFA-44EA-9FCC-B5162CE9ACE6} HKLM\...\Run: [CarboniteSetupLite] - C:\Program Files\Carbonite\CarbonitePreinstaller.exe [283792 2010-03-09] (Carbonite, Inc.) HKLM\...\Run: [VerizonServicepoint.exe] - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [4318520 2011-01-10] (Verizon) HKLM\...\Run: [EarthLink Installer] - " /C HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess? HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] () HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] () Startup: C:\Users\phall707\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe () ========================== Services (Whitelisted) ================= S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [104880 2014-01-22] (McAfee, Inc.) S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation) S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () S2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) S2 ServicepointService; C:\Program Files\Verizon\VSP\ServicepointService.exe [689464 2011-01-10] (Radialpoint Inc.) S2 Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe [157016 2008-01-31] (Smith Micro Software, Inc.) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [171016 2008-05-28] (AMD Technologies Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [148192 2008-07-19] (Realtek Semiconductor Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S2 TMAgent; S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\FRST 2014-03-18 16:24 - 2014-03-18 16:24 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\Users\phall707\AppData\Roaming\Malwarebytes 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 16:24 - 2013-04-04 10:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2014-03-18 16:22 - 2014-03-18 16:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\phall707\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-18 16:18 - 2014-03-18 16:20 - 00003666 _____ () C:\Users\phall707\Desktop\Rkill.txt 2014-03-18 16:18 - 2014-03-18 16:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\phall707\Desktop\rkill.exe 2014-03-18 16:09 - 2014-03-18 16:10 - 00000000 ____D () C:\AdwCleaner 2014-03-18 16:08 - 2014-03-18 16:08 - 01950720 _____ () C:\Users\phall707\Desktop\AdwCleaner.exe 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\ProgramData\Yahoo! Companion 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\SaveDailyDeals Updater 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\SaveDailyDeals 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-18 15:59 - 2014-03-18 15:59 - 00000584 _____ () C:\Windows\System32\TmInstall.log 2014-03-18 15:51 - 2014-03-18 15:51 - 00000085 _____ () C:\Users\phall707\Desktop\Trend Micro Info.txt 2014-03-18 09:40 - 2014-03-18 09:40 - 00072261 _____ () C:\Users\phall707\Desktop\zoek-results.txt 2014-03-18 09:17 - 2014-03-18 09:00 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-18 09:05 - 2014-03-18 09:20 - 00072261 _____ () C:\zoek-results.log 2014-03-18 09:00 - 2014-03-18 09:08 - 00000000 ____D () C:\zoek_backup 2014-03-18 08:59 - 2014-03-18 09:00 - 01285120 _____ () C:\Users\phall707\Desktop\zoek.exe 2014-03-17 14:21 - 2014-03-17 14:21 - 00105174 _____ () C:\Users\phall707\Documents\report1.txt ==================== One Month Modified Files and Folders ======= 2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\FRST 2014-03-19 11:59 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-19 11:59 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-18 18:06 - 2006-11-02 02:33 - 00750972 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-03-18 18:02 - 2008-12-19 01:18 - 00000000 ____D () C:\Users\phall707\AppData\Roaming\OpenOffice.org2 2014-03-18 18:01 - 2008-09-10 11:34 - 00000000 _____ () C:\Windows\System32\LogConfigTemp.xml 2014-03-18 18:01 - 2008-05-01 20:20 - 00000147 _____ () C:\Windows\System32\agent.log 2014-03-18 18:00 - 2008-09-10 11:18 - 02064014 _____ () C:\Windows\WindowsUpdate.log 2014-03-18 17:06 - 2008-01-20 18:47 - 00157564 _____ () C:\Windows\PFRO.log 2014-03-18 17:04 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\SchCache 2014-03-18 16:24 - 2014-03-18 16:24 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\Users\phall707\AppData\Roaming\Malwarebytes 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-18 16:24 - 2014-03-18 16:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 16:22 - 2014-03-18 16:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\phall707\Desktop\mbam-setup-1.75.0.1300.exe 2014-03-18 16:20 - 2014-03-18 16:18 - 00003666 _____ () C:\Users\phall707\Desktop\Rkill.txt 2014-03-18 16:18 - 2014-03-18 16:18 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\phall707\Desktop\rkill.exe 2014-03-18 16:10 - 2014-03-18 16:09 - 00000000 ____D () C:\AdwCleaner 2014-03-18 16:08 - 2014-03-18 16:08 - 01950720 _____ () C:\Users\phall707\Desktop\AdwCleaner.exe 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\ProgramData\Yahoo! Companion 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\SaveDailyDeals Updater 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\SaveDailyDeals 2014-03-18 16:06 - 2014-03-18 16:06 - 00000000 ____D () C:\Program Files\7-Zip 2014-03-18 16:06 - 2008-10-21 11:49 - 00000000 ____D () C:\ProgramData\Yahoo! 2014-03-18 16:06 - 2008-10-21 10:47 - 00000000 ____D () C:\Users\phall707\AppData\Roaming\Mozilla 2014-03-18 16:06 - 2008-10-21 09:31 - 00000000 ____D () C:\Program Files\Yahoo! 2014-03-18 15:59 - 2014-03-18 15:59 - 00000584 _____ () C:\Windows\System32\TmInstall.log 2014-03-18 15:58 - 2012-12-22 13:09 - 00000000 ____D () C:\Program Files\Trend Micro 2014-03-18 15:55 - 2012-12-22 13:30 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-03-18 15:54 - 2012-12-22 13:42 - 00000000 ____D () C:\Users\phall707\AppData\Local\Trend Micro 2014-03-18 15:51 - 2014-03-18 15:51 - 00000085 _____ () C:\Users\phall707\Desktop\Trend Micro Info.txt 2014-03-18 09:40 - 2014-03-18 09:40 - 00072261 _____ () C:\Users\phall707\Desktop\zoek-results.txt 2014-03-18 09:20 - 2014-03-18 09:05 - 00072261 _____ () C:\zoek-results.log 2014-03-18 09:08 - 2014-03-18 09:00 - 00000000 ____D () C:\zoek_backup 2014-03-18 09:00 - 2014-03-18 09:17 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-03-18 09:00 - 2014-03-18 08:59 - 01285120 _____ () C:\Users\phall707\Desktop\zoek.exe 2014-03-18 04:13 - 2013-02-07 15:24 - 00001935 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-17 14:26 - 2012-12-26 13:04 - 00000000 _____ () C:\Windows\DCEBOOT.LOG 2014-03-17 14:21 - 2014-03-17 14:21 - 00105174 _____ () C:\Users\phall707\Documents\report1.txt 2014-03-17 13:40 - 2012-12-26 12:43 - 00023088 _____ () C:\Windows\DCEBoot.exe 2014-03-17 13:40 - 2012-12-22 14:03 - 00182832 _____ () C:\Windows\RegBootClean.exe 2014-03-17 11:08 - 2012-12-08 11:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2014-03-17 11:08 - 2012-12-08 11:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\phall707\AppData\Local\Temp\contentDATs.e xe C:\Users\phall707\AppData\Local\Temp\ct_2001.exe C:\Users\phall707\AppData\Local\Temp\InstallFlashP layer.exe C:\Users\phall707\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe C:\Users\phall707\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe C:\Users\phall707\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\phall707\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\phall707\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\phall707\AppData\Local\Temp\lsa2ftyg.dll C:\Users\phall707\AppData\Local\Temp\RtkBtMnt.exe C:\Users\phall707\AppData\Local\Temp\SecurityScan_ Release.exe C:\Users\phall707\AppData\Local\Temp\{6DF2D68B-CB7A-4000-8DED-AFC055733485}-33.0.1750.154_chrome_installer.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-12-22 13:36:40 Restore point made on: 2012-12-22 13:37:43 Restore point made on: 2012-12-22 13:38:13 Restore point made on: 2013-02-07 09:08:55 Restore point made on: 2013-02-07 09:09:32 Restore point made on: 2013-02-07 09:11:50 Restore point made on: 2013-02-07 10:17:55 Restore point made on: 2013-02-07 10:21:03 Restore point made on: 2013-02-07 14:58:27 Restore point made on: 2013-02-07 15:01:32 Restore point made on: 2013-02-07 15:17:09 Restore point made on: 2013-02-07 15:18:16 Restore point made on: 2014-03-18 09:05:42 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 1789.62 MB Available physical RAM: 1363.96 MB Total Pagefile: 1557.23 MB Available Pagefile: 1420.99 MB Total Virtual: 2047.88 MB Available Virtual: 1963.36 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:31.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:4.14 GB) NTFS Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.71 GB) FAT32 Drive g: () (Removable) (Total:0.49 GB) (Free:0.38 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (Size: 149 GB) (Disk ID: 22A80B16) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS) ================================================== ====== Disk: 1 (Size: 507 MB) (Disk ID: 6F20736B) No partition Table on disk 1. Disk 1 is a removable device. LastRegBack: 2014-03-18 18:07 ==================== End Of Log ============================
|
|
#13
March 20th, 2014, 12:34 AM
|
||||
|
||||
|
Again hi ihrescue. Thanks.
Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully. Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
Note: If you delete with revouninstal better. Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists: Also delete the following Folders if it still exists: C:\ProgramData\Yahoo! Companion C:\Program Files\SaveDailyDeals Updater C:\Program Files\SaveDailyDeals C:\ProgramData\Yahoo! -------------------------------------------------------------------------------------------------------------- Step 1: Fix with FRST
Quote:
Last edited by olgun52; March 20th, 2014 at 12:39 AM.
|
|
#15
March 20th, 2014, 07:37 PM
|
||||
|
||||
|
Quote:
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Cleaning out my laptop | krazykrisi | Windows 7 | 8 | June 24th, 2014 05:09 PM |
| Doing a little system cleaning but looking for advice | bryan123 | Windows 7 | 3 | December 26th, 2010 08:31 AM |
| Cleaning your Laptop. | MAJOR | The Anything Else Board | 6 | September 18th, 2008 11:02 PM |
| Cleaning my laptop | Orb Weaver | The Anything Else Board | 3 | February 16th, 2007 12:58 AM |
| Cleaning up system???? | perplexed | Windows 98 | 4 | August 22nd, 2001 06:28 AM |
All times are GMT +1. The time now is 08:29 AM.