
Help Please...Virus Infection

Discussion in 'Virus & Other Malware Removal' started by Baggio, May 24, 2015.

  1. Baggio (Thread Starter)

    Joined: Mar 27, 2009
    Messages: 95

    Hi there,

    Unfortunately seem to have picked up a virus on my computer. Running very slow, icon showing up on my desktop that seems to start downloading without clicking. Also notice my security program has disappeared from view. Here are my specifics as requested below. Thanks so much for your help in advance.

    B

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 2
    RAM: 3063 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 305242 MB, Free - 6101 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled
     
  2. askey127 (Malware Specialist)

    Joined: Dec 22, 2006
    Messages: 3,721

    Hi Baggio,
    Since it has been over a year since support for Windows XP ended, this may or may not be fixable.
    ...and any fix may be temporary.
    -------------------------------------------------------------
    For your leisure reading......
    An article on the subject of XP, and options on what to do, is here:
    http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=62384#.UsLF3bRs_TI
    The entire thread is also available as a PDF document (see at the end of the article)
    -----------------------------------------------------------
    Now back to business.
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    So we will be looking for the contents of the two logs: Addition.txt and FRST.txt
    askey127
     
  3. Baggio (Thread Starter)

    Joined: Mar 27, 2009
    Messages: 95

    Thank you for your offer to help. Both logs are posted below as per your request.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
    Ran by Owner (administrator) on OWNER-906BBD5F2 on 24-05-2015 15:49:46
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\WINDOWS\system32\lxebcoms.exe
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
    (Agere Systems) C:\WINDOWS\agrsmmsg.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
    () C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
    () C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    (McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    (Farbar) C:\Documents and Settings\Owner\My Documents\Downloads\FRST(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-15] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-15] (Intel Corporation)
    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-05-05] (UPEK Inc.)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-14] (Agere Systems)
    HKLM\...\Run: [ThpSrv] => thpsrv /logon
    HKLM\...\Run: [lxebmon.exe] => C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll [2006-05-05] (UPEK Inc.)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Owner\My Documents\Downloads\uTorrent(2).exe [1688656 2014-12-21] (BitTorrent Inc.)
    AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-05-13] (Client Connect LTD)
    Lsa: [Notification Packages] scecli psqlpwd
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-11]
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
    SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1315411040171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B111US1056D20140723&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-04-02]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-07]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-05-19]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-19]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-16]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-05-19]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD)
    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) []
    S2 lxebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
    R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [598696 2010-04-14] ( )
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-05-04] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [176128 2005-12-20] (TOSHIBA Corporation) []

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.) []
    R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.) []
    R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-03-28] ()
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) []
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) []
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) []
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-14] (Intel Corporation)
    R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) []
    R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.) []
    R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-12-25] () []
    S3 TBiosDrv; C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] () []
    R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-27] (TOSHIBA Corporation) []
    R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91216 2011-07-08] (High Criteria inc.)
    S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
    U0 mfewfpk; No ImagePath
    U3 TlntSvr; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-24 15:44 - 2015-05-24 15:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    2015-05-24 15:15 - 2015-05-24 15:15 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\My Safe
    2015-05-22 22:59 - 2015-05-24 09:21 - 00000538 _____ () C:\WINDOWS\Tasks\avabvbxvh.job
    2015-05-22 22:58 - 2015-05-23 07:36 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\avabvbxvh
    2015-05-22 22:57 - 2015-05-22 22:59 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
    2015-05-22 22:57 - 2015-05-22 22:58 - 00000000 ____D () C:\Program Files\SearchProtect
    2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Start Menu\µTorrent.lnk
    2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Desktop\µTorrent.lnk
    2015-05-22 22:22 - 2015-05-22 22:23 - 00000000 ____D () C:\Avenger
    2015-05-18 15:21 - 2015-05-18 15:38 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\George Aretha Shoot
    2015-05-18 11:24 - 2015-05-24 12:29 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\GB & Aretha
    2015-05-16 13:33 - 2015-05-16 13:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-05-02 17:30 - 2015-05-02 17:30 - 03188689 _____ () C:\Documents and Settings\All Users\SPL38E.tmp
    2015-05-02 17:03 - 2015-05-18 11:26 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Mortgage Refinance 2015
    2015-05-02 16:21 - 2015-05-02 16:21 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-02 16:21 - 2015-05-02 16:21 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    2015-05-02 16:19 - 2015-05-02 16:20 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-04-30 23:03 - 2015-04-30 23:03 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Soda PDF 6
    2015-04-30 22:54 - 2015-04-30 22:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Soda PDF 6
    2015-04-30 22:43 - 2015-04-30 22:43 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Wondershare PDFelement
    2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
    2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare
    2015-04-30 22:41 - 2015-01-30 16:40 - 00083016 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
    2015-04-30 22:40 - 2015-04-30 22:42 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Wondershare
    2015-04-30 20:12 - 2015-05-18 11:26 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\George Brown Application

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-24 15:50 - 2015-03-02 23:00 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
    2015-05-24 15:49 - 2014-12-09 22:36 - 00000000 ____D () C:\FRST
    2015-05-24 15:49 - 2011-09-08 11:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
    2015-05-24 15:44 - 2014-04-27 11:20 - 00001611 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    2015-05-24 15:27 - 2012-06-30 11:53 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
    2015-05-24 15:27 - 2012-06-30 11:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
    2015-05-24 15:25 - 2015-03-21 21:25 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
    2015-05-24 15:16 - 2011-09-08 12:02 - 00568440 _____ () C:\Documents and Settings\All Users\lxebscan.log
    2015-05-24 15:16 - 2011-09-06 18:32 - 01881332 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-24 15:15 - 2014-03-19 16:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-05-24 15:15 - 2011-09-06 18:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-24 15:15 - 2011-09-06 14:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-05-24 15:15 - 2011-09-06 14:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-05-24 12:46 - 2011-09-06 18:46 - 00032466 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-05-24 12:46 - 2011-09-06 18:46 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2015-05-24 12:46 - 2011-09-06 18:46 - 00000000 ____D () C:\Documents and Settings\Owner
    2015-05-24 12:06 - 2012-08-30 00:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-24 11:11 - 2008-04-14 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-05-24 11:05 - 2014-08-05 13:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
    2015-05-23 08:35 - 2011-07-31 20:50 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MR
    2015-05-23 08:31 - 2011-09-07 11:57 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
    2015-05-22 22:22 - 2013-01-09 17:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
    2015-05-22 20:15 - 2014-11-29 23:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-22 06:57 - 2011-09-10 10:16 - 00081920 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-20 20:20 - 2013-05-19 20:14 - 00000000 ____D () C:\Program Files\McAfee
    2015-05-19 18:22 - 2011-09-08 12:04 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
    2015-05-16 15:26 - 2015-03-29 09:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-05-16 08:26 - 2014-11-29 23:25 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-16 08:26 - 2014-11-29 23:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-16 08:26 - 2014-04-27 09:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-16 07:59 - 2011-07-31 20:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\LPS
    2015-05-14 13:31 - 2011-09-06 18:30 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2015-05-13 18:43 - 2013-08-14 23:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 18:33 - 2011-09-07 15:37 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 18:32 - 2014-07-01 10:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2015-05-13 18:27 - 2011-09-30 19:00 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
    2015-05-13 18:22 - 2011-09-28 13:37 - 00728604 _____ () C:\Documents and Settings\All Users\lxeb.log
    2015-05-13 17:26 - 2011-09-08 11:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-05-11 19:35 - 2012-06-30 11:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
    2015-05-10 18:18 - 2011-09-17 18:15 - 00055783 _____ () C:\Documents and Settings\All Users\lxebJSW.log
    2015-05-10 13:44 - 2014-10-19 08:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Doc Film Proposals
    2015-05-08 15:42 - 2014-07-01 10:58 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
    2015-05-08 15:00 - 2014-03-19 16:17 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-05-02 16:22 - 2011-09-08 12:11 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
    2015-05-02 16:19 - 2011-09-08 12:11 - 00000000 ____D () C:\Program Files\Adobe
    2015-05-02 16:19 - 2011-09-08 12:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2015-05-01 00:42 - 2011-09-06 14:18 - 00269392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-04-30 22:42 - 2011-09-07 09:26 - 00070376 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2012-02-17 01:02 - 2012-02-17 01:04 - 0000289 _____ () C:\Documents and Settings\Owner\Application Data\burnaware.ini
    2015-03-21 21:34 - 2015-03-22 08:18 - 0000066 _____ () C:\Documents and Settings\Owner\Application Data\WB.CFG
    2011-09-10 10:16 - 2015-05-22 06:57 - 0081920 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-10-20 09:22 - 2011-10-20 09:22 - 0000000 _____ () C:\Documents and Settings\All Users\cmn_upld.log
    2011-09-08 12:05 - 2011-09-08 12:05 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
    2011-09-28 13:37 - 2015-05-13 18:22 - 0728604 _____ () C:\Documents and Settings\All Users\lxeb.log
    2012-01-13 09:54 - 2013-04-08 21:57 - 0000675 _____ () C:\Documents and Settings\All Users\lxebDiagnostics.log
    2011-09-17 18:15 - 2015-05-10 18:18 - 0055783 _____ () C:\Documents and Settings\All Users\lxebJSW.log
    2011-09-08 12:02 - 2015-05-24 15:16 - 0568440 _____ () C:\Documents and Settings\All Users\lxebscan.log
    2011-10-20 09:22 - 2011-10-20 09:22 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log
    2015-05-02 17:30 - 2015-05-02 17:30 - 3188689 _____ () C:\Documents and Settings\All Users\SPL38E.tmp
    2011-09-08 11:56 - 2011-09-08 11:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job


    Some files in TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllqwo4.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of log ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Owner at 2015-05-24 15:51:31
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1614895754-2025429265-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1614895754-2025429265-1417001333-1004 - Limited - Enabled)
    Guest (S-1-5-21-1614895754-2025429265-1417001333-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1614895754-2025429265-1417001333-1000 - Limited - Disabled)
    Owner (S-1-5-21-1614895754-2025429265-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
    SUPPORT_388945a0 (S-1-5-21-1614895754-2025429265-1417001333-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    Dropbox (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
    Faasoft Audio Converter 5.0.10.5323 (HKLM\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version: - Faasoft Corporation)
    File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
    InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.380 - InterVideo Inc.)
    InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.542 - InterVideo Inc.)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.214 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
    Protector Suite 5.4 (HKLM\...\{737629F4-4111-4FD4-9071-29873B7C6426}) (Version: 5.4.0.2934 - UPEK)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RPS CRT (Version: 9.0.40 - Bell) Hidden
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.4 - TOSHIBA Corporation)
    Search Protect (HKLM\...\SearchProtect) (Version: 2.23.30.9 - Client Connect LTD) <==== ATTENTION
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4321 - Analog Devices)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
    TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 1.01.08e - TOSHIBA Corporation)
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
    Toshiba Tbiosdrv Driver (HKLM\...\Toshiba Tbiosdrv Driver) (Version: - )
    Total Recorder 8.3 Standard Edition (HKLM\...\TotalRecorder) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Intel (E100B) Net (12/06/2007 8.0.47.0) (HKLM\...\01729CC98CCF44B7B07959E89E1C2ECE7E77CE61) (Version: 12/06/2007 8.0.47.0 - Intel)
    Windows Driver Package - Intel (NETw5x32) net (09/15/2009 13.0.0.107) (HKLM\...\F01807101EBDFA763D74F1891D2AA31593E493C5) (Version: 09/15/2009 13.0.0.107 - Intel)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    14-05-2015 13:51:01 System Checkpoint
    14-05-2015 19:47:47 System Checkpoint
    16-05-2015 01:26:33 System Checkpoint
    17-05-2015 02:25:56 System Checkpoint
    18-05-2015 03:03:43 System Checkpoint
    19-05-2015 03:33:19 System Checkpoint
    20-05-2015 19:27:48 System Checkpoint
    22-05-2015 01:30:08 System Checkpoint
    23-05-2015 02:53:03 System Checkpoint
    24-05-2015 03:22:07 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 08:00 - 2015-03-02 22:56 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Owner\APPLIC~1\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\avabvbxvh.job => C:\Documents and Settings\Owner\Local Settings\Application Data\avabvbxvh\avabvbxvh.exeXC:\Documents and Settings\Owner\Local Settings\Application Data\avabvbxvh\avabvbxvh.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2011-10-03 10:16 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
    2011-09-08 12:01 - 2009-11-04 09:14 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxebdrpp.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2011-09-08 11:58 - 2011-01-23 21:00 - 00770728 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
    2011-09-08 11:58 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
    2011-09-08 12:01 - 2009-05-27 08:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
    2011-09-08 11:58 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebDRS.dll
    2011-09-08 11:58 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
    2011-09-08 11:56 - 2009-02-20 04:48 - 00299008 _____ () C:\WINDOWS\system32\lxebsm.dll
    2011-09-08 11:56 - 2009-02-20 04:48 - 00023552 _____ () C:\WINDOWS\system32\lxebsmr.dll
    2011-09-08 11:58 - 2011-01-23 21:00 - 00148280 _____ () C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
    2011-09-08 11:58 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epwizard.DLL
    2011-09-08 11:58 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
    2011-09-08 11:58 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Eputil.DLL
    2011-09-08 11:58 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Imagutil.DLL
    2011-09-08 11:58 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epfunct.DLL
    2011-09-08 11:58 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPWizRes.dll
    2011-09-08 11:58 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
    2011-09-08 11:58 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPOEMDll.dll
    2011-09-08 11:58 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
    2011-09-08 11:58 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
    2015-04-30 22:41 - 2014-06-04 10:21 - 00571904 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2015-04-30 22:41 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2015-05-24 15:27 - 2015-05-24 15:27 - 00043008 _____ () c:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpllqwo4.dll
    2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libGLESv2.dll
    2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libEGL.dll
    2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
    DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxebcoms.exe] => Enabled:pro200-S500 Series Server
    StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
    StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
    StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
    StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
    StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\uTorrent\updates\3.4.2_38913.exe] => Enabled:µTorrent
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\uTorrent\updates\3.4.2_38656.exe] => Enabled:µTorrent
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\My Documents\Downloads\uTorrent(2).exe] => Enabled:µTorrent

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9127016

    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9127016

    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9111391

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9111391

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9095766

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9095766

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:48:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9080141


    System errors:
    =============
    Error: (05/24/2015 03:42:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Boot Delay Start Service service, but this action failed with the following error:
    %%1056

    Error: (05/24/2015 03:42:16 PM) (Source: DCOM) (EventID: 10010) (User: OWNER-906BBD5F2)
    Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

    Error: (05/24/2015 03:41:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (05/24/2015 03:41:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/24/2015 03:25:00 PM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942403

    Error: (05/24/2015 03:17:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Boot Delay Start Service service hung on starting.

    Error: (05/24/2015 03:15:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxebCATSCustConnectService service failed to start due to the following error:
    %%1053

    Error: (05/24/2015 03:15:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.

    Error: (05/24/2015 00:25:00 PM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942403

    Error: (05/24/2015 11:25:00 AM) (Source: Schedule) (EventID: 7901) (User: )
    Description: The At1.job command failed to start due to the following error:
    %%2147942403


    Microsoft Office:
    =========================
    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9127016

    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9127016

    Error: (05/20/2015 11:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9111391

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9111391

    Error: (05/20/2015 11:49:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9095766

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9095766

    Error: (05/20/2015 11:48:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/20/2015 11:48:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9080141


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
    Percentage of memory in use: 27%
    Total physical RAM: 3063.17 MB
    Available physical RAM: 2230.61 MB
    Total Pagefile: 5969.76 MB
    Available Pagefile: 5316.22 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.71 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:5.94 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A47DA47D)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  4. askey127

    Baggio,
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    There are NO Safe ones.
    Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
    Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
    -----------------------------------------------
    Java 8 does not necessarily work correctly in XP.
    The last Java to be tested with XP was Java 7 Update 45.
    You may want to read here before you decide whether to keep any Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    -----------------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
    Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

    µTorrent
    Java 8 Update 40
    PDFCreator
    Search Protect
    Vuze

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to your Downloads folder. That's where FRST.exe is.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     


  5. Baggio

    Many thanks for your reply. I agree, I believe I may have acquired a virus through the use of uTorrent. I have removed it, as well as the others you have suggested. For some reason, the Vuze file could not be removed: I tried to remove it through the "remove program" option in Control Panel, and nothing would happen even though I clicked on it multiple times. The log after the scan is as follows:

    Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Owner at 2015-05-24 18:06:06 Run:2
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files\SearchProtect
    C:\Program Files\Common Files\Wondershare
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-05-13] (Client Connect LTD)
    C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
    FF DefaultSearchEngine: Secure Search
    FF SearchEngineOrder.1: Secure Search
    FF SelectedSearchEngine: Secure Search
    FF Keyword.URL: https://search.yahoo.com/search?fr=m...56D20140723&p=
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
    CHR dev: Chrome dev build detected! <======= ATTENTION
    R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD)
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Owner\My Documents\Downloads\uTorrent(2).exe [1688656 2014-12-21] (BitTorrent Inc.)
    2015-05-22 22:57 - 2015-05-22 22:59 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
    2015-05-22 22:57 - 2015-05-22 22:58 - 00000000 ____D () C:\Program Files\SearchProtect
    2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Start Menu\µTorrent.lnk
    2015-05-22 22:56 - 2015-05-22 22:56 - 00000585 _____ () C:\Documents and Settings\Owner\Desktop\µTorrent.lnk
    2015-04-30 22:43 - 2015-04-30 22:43 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Wondershare PDFelement
    2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
    2015-04-30 22:41 - 2015-04-30 22:41 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare
    2015-04-30 22:41 - 2015-01-30 16:40 - 00083016 _____ (Wondershare Software) C:\WINDOWS\system32\WSMonEditor.dll
    2015-04-30 22:40 - 2015-04-30 22:42 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Wondershare
    2015-05-24 11:05 - 2014-08-05 13:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "C:\Program Files\SearchProtect" => File/Folder not found.
    C:\Program Files\Common Files\Wondershare => Moved successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value Removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value Removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value Removed successfully.
    "C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll" => value data not found.
    "C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll" => File/Folder not found.
    "HKLM\SOFTWARE\Policies\Google" => key Removed successfully.
    "HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
    "HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC5F965C-50F7-495F-A16F-C1E2946E31D0}" => key Removed successfully.
    HKCR\CLSID\{FC5F965C-50F7-495F-A16F-C1E2946E31D0} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully.
    Firefox DefaultSearchEngine Removed successfully.
    Firefox SearchEngineOrder.1 Removed successfully.
    Firefox SelectedSearchEngine Removed successfully.
    Firefox Keyword.URL Removed successfully.
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2 => key not found.
    C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll not found.
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2 => key not found.
    C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll not found.
    CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
    CltMngSvc => Service not found.
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value Removed successfully.
    "C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect" => File/Folder not found.
    "C:\Program Files\SearchProtect" => File/Folder not found.
    C:\Documents and Settings\Owner\Start Menu\µTorrent.lnk => Moved successfully.
    "C:\Documents and Settings\Owner\Desktop\µTorrent.lnk" => File/Folder not found.
    C:\Documents and Settings\Owner\My Documents\Wondershare PDFelement => Moved successfully.
    "C:\Program Files\Common Files\Wondershare" => File/Folder not found.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare => Moved successfully.
    C:\WINDOWS\system32\WSMonEditor.dll => Moved successfully.
    C:\Documents and Settings\Owner\Application Data\Wondershare => Moved successfully.
    C:\Documents and Settings\Owner\Application Data\uTorrent => Moved successfully.

    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    EmptyTemp: => Removed 71.4 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 18:07:00 ====
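A Fixlog like the one above can be triaged by outcome rather than read line by line. The following is an added example, not part of the original post and not FRST's own code; the outcome categories and function names are assumptions, and the sample is an excerpt of the log lines quoted in this post.

```python
import re
from collections import defaultdict

# Excerpt of the Fixlog posted above (directive echo + result section).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\SearchProtect
C:\Program Files\Common Files\Wondershare
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [3274512 2015-05-13] (Client Connect LTD)
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Program Files\SearchProtect" => File/Folder not found.
C:\Program Files\Common Files\Wondershare => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value Removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
Firefox Keyword.URL Removed successfully.
C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
CltMngSvc => Service not found.
C:\WINDOWS\system32\WSMonEditor.dll => Moved successfully.
EmptyTemp: => Removed 71.4 MB temporary data.

==== End of Fixlog 18:07:00 ====
"""

# Hypothetical outcome categories; first matching rule wins, so "error" is
# checked before the success and not-found phrasings.
OUTCOME_RULES = [
    ("error",     re.compile(r"=> Error:|No automatic fix found", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("moved",     re.compile(r"=> Moved successfully\.?$", re.I)),
    ("removed",   re.compile(r"Removed successfully\.?$", re.I)),
    ("restored",  re.compile(r"restored successfully\.?$", re.I)),
]


def result_lines(fixlog_text):
    """Return only the result lines, skipping the echoed fixlist directives.

    The directives sit between two rows of asterisks; results start after the
    second row and stop at the "End of Fixlog" footer. If the separators are
    missing, the whole text is treated as results.
    """
    lines = [l.strip() for l in fixlog_text.splitlines()]
    seps = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l)]
    start = seps[1] + 1 if len(seps) >= 2 else 0
    out = []
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        if not line or line.startswith("="):  # blanks and "===== Cmd =====" banners
            continue
        out.append(line)
    return out


def classify(line):
    """Map one result line to an outcome category ("info" if none applies)."""
    for outcome, pattern in OUTCOME_RULES:
        if pattern.search(line):
            return outcome
    return "info"


def triage(fixlog_text):
    """Group result lines by outcome so errors and stale directives stand out."""
    buckets = defaultdict(list)
    for line in result_lines(fixlog_text):
        buckets[classify(line)].append(line)
    return dict(buckets)


def quarantined_paths(buckets):
    """Paths the tool moved rather than deleted, i.e. candidates for restore."""
    return [l.rsplit(" => ", 1)[0].strip('"') for l in buckets.get("moved", [])]


if __name__ == "__main__":
    buckets = triage(SAMPLE_FIXLOG)
    for outcome in ("error", "not_found", "moved", "removed", "restored", "info"):
        print(f"{outcome:10} {len(buckets.get(outcome, []))}")
    for line in buckets.get("error", []):
        print("FOLLOW UP:", line)
```

Lines in the "not_found" group are directives whose target was already gone when the fix ran (here, items uninstalled through Control Panel first); only the "error" group needs a follow-up.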
     
  6. askey127

    Baggio,
    ---------------------------------------------------------
    The McAfee Site Advisor add-on is not very useful.
    If you want to see how good it is, look at its ratings for some of the most infamous adware/junkware/tracking/hijacker distribution sites.
    Go here: http://www.siteadvisor.com/sites/
    Type in each of the following to check its "rating"
    MyWebSearch.com
    searchqu.com
    ask.com
    conduit.com
    trovi.com
    funmoods.com

    Notice the "safety" ratings despite the customers' observances in the pie charts.
    (You may want to Uninstall it).

    ---------------------------------------------
    Let's get rid of Vuze manually. Find out where it is this way:
    Run A Scan With SystemLook
    Please download SystemLook from the download mirror and save it to your Desktop, (or your downloads folder).
    Download Mirror #1 (32-bit)
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield. Do not include "Code:":
      Code:
      :filefind
      *vuze*
      :folderfind
      *vuze*
      :regfind
      vuze
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log is entitled SystemLook.txt

    askey127
     
  7. Baggio

    Many thanks for your reply. Have removed the McAfee add-on as requested. Please see log below as well.
    Thanks!
    B

    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:10 on 25/05/2015 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*vuze*"
    C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\CT2504091\feed\http___blog_vuze_com_index_php_feed__history.xml.vir --a---- 0 bytes [23:56 07/01/2012] [23:56 07/01/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\CT2504091\feed\http___blog_vuze_com_index_php_feed__structured.xml.vir --a---- 0 bytes [23:56 07/01/2012] [23:56 07/01/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0p6aini3.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(2)\chrome(2)\vuze_remote.jar.vir --a---- 718472 bytes [22:57 14/07/2013] [22:57 14/07/2013] 9D962E26AED1F784C7DE4BD8871267D8
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze\Vuze.ico.vir --a---- 55652 bytes [17:31 08/09/2011] [13:56 27/04/2011] 70B3D77F119821239FB492F4B4F69043
    C:\BACKUP\Documents and Settings\All Users\Desktop\Vuze.lnk --a---- 1505 bytes [17:58 05/08/2011] [17:58 05/08/2011] FF1E121AE356D953E4C6422E224F5A5D
    C:\BACKUP\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk --a---- 1505 bytes [17:58 05/08/2011] [17:58 05/08/2011] 9F1E5EF149E6809D5A2155FF35C1663C
    C:\BACKUP\Documents and Settings\Mark\Cookies\[email protected][2].txt --a---- 222 bytes [18:41 05/08/2011] [18:41 05/08/2011] C72CA3D1F3748FDA77D1EAE48C639010
    C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk --a---- 1505 bytes [17:31 08/09/2011] [13:48 30/07/2012] ADBBA87C92B79FE4A63EA21A50B91551
    C:\Documents and Settings\Owner\Application Data\Azureus\VuzeActivities.config --a---- 861 bytes [17:32 08/09/2011] [15:06 25/01/2014] 668B42F35441682B3E9007EC3846DC5E
    C:\Documents and Settings\Owner\Application Data\Azureus\plugins\azemp\vuzeplayer.exe --a---- 4177856 bytes [17:47 03/01/2012] [03:22 03/01/2014] B7B6675AD10E1F1392385912FCE338A4
    C:\Documents and Settings\Owner\Application Data\Azureus\plugins\azemp\vuzeplayer.exe.bak --a---- 4177856 bytes [17:47 03/01/2012] [17:47 03/01/2012] B7B6675AD10E1F1392385912FCE338A4
    C:\Documents and Settings\Owner\Application Data\Azureus\subs\6005304F0FDEE0CD3F8B.vuze --a---- 448 bytes [02:20 16/02/2012] [02:20 16/02/2012] 75E7317E0AB7510C64018102B7A4E3C1
    C:\Documents and Settings\Owner\Application Data\Azureus\subs\A26B3D8950040D948426.vuze --a---- 3213 bytes [23:12 10/02/2014] [23:12 10/02/2014] 8E889647A89469EB5B5DAE302C9B03CB
    C:\Documents and Settings\Owner\Application Data\Azureus\subs\AC6EF33104A06C7E017D.vuze --a---- 2963 bytes [00:06 11/02/2012] [00:06 11/02/2012] A106C07B48BBDC72629FFB7EF13860CE
    C:\Documents and Settings\Owner\Application Data\Azureus\subs\D5B0556649968CD9970A.vuze --a---- 3214 bytes [23:12 10/02/2014] [23:12 10/02/2014] 709A61A590AD11E8C5718BB30412C643
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk --a---- 1505 bytes [17:31 08/09/2011] [13:48 30/07/2012] CCDBB1F9D0289F730BC3E856D51C26AE
    C:\Documents and Settings\Owner\Desktop\MR\Unused Desktop Shortcuts\Vuze.lnk --a---- 1516 bytes [11:22 31/07/2011] [02:33 06/05/2010] 1B9F79214E172B1618BFA7AE2633FAD2
    C:\Program Files\Vuze\Vuze.ico --a---- 55652 bytes [17:31 08/09/2011] [13:56 27/04/2011] 70B3D77F119821239FB492F4B4F69043

    ========== folderfind ==========

    Searching for "*vuze*"
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze d------ [13:45 27/04/2014]
    C:\Documents and Settings\Owner\My Documents\Vuze Downloads d------ [04:09 06/08/2011]
    C:\Program Files\Vuze d------ [14:21 27/04/2014]

    ========== regfind ==========

    Searching for "vuze"
    [HKEY_CURRENT_USER\Software\Azureus]
    @="C:\Program Files\Vuze"
    [HKEY_CURRENT_USER\Software\Azureus]
    "exec"="C:\Program Files\Vuze\Azureus.exe"
    [HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vuze\Azureus.exe"="Azureus"
    [HKEY_CURRENT_USER\Software\Classes\.vuze]
    [HKEY_CURRENT_USER\Software\Classes\.vuze]
    @="Vuze"
    [HKEY_CURRENT_USER\Software\Classes\.vuze]
    "Content Type"="application/x-vuze"
    [HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\DHT\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_CURRENT_USER\Software\Classes\DHT\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
    [HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
    "Extension"=".vuze"
    [HKEY_CURRENT_USER\Software\Classes\Vuze]
    [HKEY_CURRENT_USER\Software\Classes\Vuze]
    @="Vuze File"
    [HKEY_CURRENT_USER\Software\Classes\Vuze]
    "Content Type"="application/x-vuze"
    [HKEY_CURRENT_USER\Software\Classes\Vuze\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_CURRENT_USER\Software\Classes\Vuze\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Azureus]
    @="C:\Program Files\Vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Azureus]
    "exec"="C:\Program Files\Vuze\Azureus.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
    @="Vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Azureus.exe\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus]
    @="Vuze Download"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
    "Extension"=".vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
    @="Vuze File"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations]
    "allinstdirs8461-7759-5462-8226"="C:\Program Files\Vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations]
    "instdir8461-7759-5462-8226"="C:\Program Files\Vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus]
    "DefaultIcon"=""C:\Program Files\Vuze\Azureus.exe,0""
    [HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus]
    "Description"="Download with Vuze (formerly Azureus)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus]
    "ShellExecute"=""C:\Program Files\Vuze\Azureus.exe" %URL"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Software\Vuze_Remote]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Registration\{90110409-6000-11D3-8CFE-0150048383C9}]
    "SmartSourceDir"="C:\Documents and Settings\Owner\My Documents\Vuze Downloads\MICROSOFT OFFICE 2003\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "DisplayName"="Vuze"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "DisplayIcon"="C:\Program Files\Vuze\.install4j\i4j_extf_23_5p83tu_bm8amj.ico"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "UninstallString"="C:\Program Files\Vuze\uninstall.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "Publisher"="Vuze Inc."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "URLInfoAbout"="http://www.vuze.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
    "InstallLocation"="C:\Program Files\Vuze"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Azureus]
    @="C:\Program Files\Vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Azureus]
    "exec"="C:\Program Files\Vuze\Azureus.exe"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vuze\Azureus.exe"="Azureus"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze]
    @="Vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze]
    "Content Type"="application/x-vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\MIME\Database\Content Type\application/x-vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\MIME\Database\Content Type\application/x-vuze]
    "Extension"=".vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze]
    @="Vuze File"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze]
    "Content Type"="application/x-vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze]
    @="Vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze]
    "Content Type"="application/x-vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\MIME\Database\Content Type\application/x-vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\MIME\Database\Content Type\application/x-vuze]
    "Extension"=".vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze]
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze]
    @="Vuze File"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze]
    "Content Type"="application/x-vuze"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze\DefaultIcon]
    @="C:\Program Files\Vuze\Azureus.exe,0"
    [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze\shell\open\command]
    @=""C:\Program Files\Vuze\Azureus.exe" "%1""

    -= EOF =-
     
  8. askey127

    Baggio,
    This will give you a rough idea of the ton of garbage installed by Vuze so you can't remove it.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.

    ----------------------------------------------
    Perform a Custom Fix with OTL
    Right click OTL on your desktop, and choose "Run as administrator" to open it.
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [-HKEY_CURRENT_USER\Software\Azureus]
      [-HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe]
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
      "C:\Program Files\Vuze\Azureus.exe"=-
      [-HKEY_CURRENT_USER\Software\Classes\.vuze]
      [-HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon]
      [-HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command]
      [-HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon]
      [-HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command]
      [-HKEY_CURRENT_USER\Software\Classes\DHT\DefaultIcon]
      [-HKEY_CURRENT_USER\Software\Classes\DHT\shell\open\command]
      [-HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze]
      [-HKEY_CURRENT_USER\Software\Classes\Vuze]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Azureus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Azureus.exe]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\DefaultIcon]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\shell\open\command]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\DefaultIcon]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\shell\open\command]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\DefaultIcon]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\shell\open\command]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\shell\open\command]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze]
      [HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations]
      "allinstdirs8461-7759-5462-8226"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\ej-technologies\install4j\installations]
      "instdir8461-7759-5462-8226"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Software\Vuze_Remote]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Registration\{90110409-6000-11D3-8CFE-0150048383C9}]
      "SmartSourceDir"=-
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226]
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Vuze\Azureus.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Vuze\Azureus.exe"=-
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Vuze\Azureus.exe"=-
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Azureus]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe]
      [HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
      "C:\Program Files\Vuze\Azureus.exe"=-
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\MIME\Database\Content Type\application/x-vuze]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\DefaultIcon]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\shell\open\command]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\MIME\Database\Content Type\application/x-vuze]
      [-HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze]
      
      :Files
      C:\BACKUP\Documents and Settings\All Users\Desktop\Vuze.lnk
      C:\BACKUP\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
      C:\BACKUP\Documents and Settings\Mark\Cookies\[email protected][2].txt
      C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
      C:\Documents and Settings\Owner\Application Data\Azureus
      C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
      C:\Documents and Settings\Owner\Desktop\MR\Unused Desktop Shortcuts\Vuze.lnk
      C:\Program Files\Vuze\Vuze.ico
      C:\Documents and Settings\Owner\My Documents\Vuze Downloads
      C:\Program Files\Vuze
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      [CLEARALLRESTOREPOINTS]
      
    • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

    If you are unable to do this, let me know.
    askey127
     
  9. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hi there,

    Have tried to work through this last step and it doesn't seem to be working. I copy and paste as you directed and "run fix" however the program stops and a pop up comes up stating "cannot create file c:/documents and settings/owner/desktop/cmd.bat."

    Any idea on how to proceed?
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Make sure OTL.exe is on your Desktop, not in the downloads folder.
    Also make sure you right click the OTL icon and choose "run as administrator".
    Some of our tools do not work correctly when saved in the wrong location.
     
  11. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hi there,

    Tried again...re-saved to desktop, unfortunately same thing happened again, froze mid scan.
    My computer is running better now...would you recommend just leaving the vuze - I haven't used it in ages though..
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Baggio,
    --------------------------------------------------------
    Run A Fix With FRST64
    I see that FRST64.exe was in your downloads folder when you ran it. OK.
    Download the attached fixlist.txt file and save it to YOUR DOWNLOADS FOLDER.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     


  13. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Thank-you! Here are the results as requested:

    Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
    Ran by Owner at 2015-05-29 19:32:05 Run:3
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    C:\BACKUP\Documents and Settings\All Users\Desktop\Vuze.lnk
    C:\BACKUP\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
    C:\BACKUP\Documents and Settings\Mark\Cookies\[email protected][2.txt
    C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
    C:\Documents and Settings\Owner\Application Data\Azureus
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    C:\Documents and Settings\Owner\Desktop\MR\Unused Desktop Shortcuts\Vuze.lnk
    C:\Program Files\Vuze\Vuze.ico
    C:\Documents and Settings\Owner\My Documents\Vuze Downloads
    C:\Program Files\Vuze
    Reg: reg delete HKEY_CURRENT_USER\Software\Azureus /f
    Reg: reg delete "HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe" /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\.vuze /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Azureus /f
    Reg: reg delete "HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe" /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\.vuze /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\DHT\DefaultIcon /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\DHT\shell\open\command /f
    Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze" /f
    Reg: reg delete HKEY_CURRENT_USER\Software\Classes\Vuze /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Azureus /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Azureus.exe /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\DefaultIcon /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\shell\open\command /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\DefaultIcon /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\shell\open\command /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\DefaultIcon /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\shell\open\command /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\shell\open\command /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze" /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Software\Vuze_Remote /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226 /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Azureus /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\shell\open\command /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\shell\open\command /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\shell\open\command /f
    Reg: reg delete "HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\MIME\Database\Content Type\application/x-vuze" /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\shell\open\command /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\shell\open\command /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\DefaultIcon /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\shell\open\command /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\MIME\Database\Content Type\application/x-vuze /f
    Reg: reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze /f
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\BACKUP\Documents and Settings\All Users\Desktop\Vuze.lnk => Moved successfully.
    C:\BACKUP\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk => Moved successfully.
    "C:\BACKUP\Documents and Settings\Mark\Cookies\[email protected][2.txt" => File/Folder not found.
    C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk => Moved successfully.
    C:\Documents and Settings\Owner\Application Data\Azureus => Moved successfully.
    C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk => Moved successfully.
    C:\Documents and Settings\Owner\Desktop\MR\Unused Desktop Shortcuts\Vuze.lnk => Moved successfully.
    C:\Program Files\Vuze\Vuze.ico => Moved successfully.
    C:\Documents and Settings\Owner\My Documents\Vuze Downloads => Moved successfully.
    C:\Program Files\Vuze => Moved successfully.

    ========= reg delete HKEY_CURRENT_USER\Software\Azureus /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete "HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe" /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\.vuze /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Azureus /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete "HKEY_CURRENT_USER\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe" /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\.vuze /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BC\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BC\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\BCTP\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\DHT\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\DHT\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete "HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-vuze" /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_CURRENT_USER\Software\Classes\Vuze /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Azureus /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vuze /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Azureus.exe /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Azureus /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BC\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BCTP\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHT\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\DefaultIcon /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Magnet\shell\open\command /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vuze" /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Vuze /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\magnet\Handlers\Azureus /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Software\Vuze_Remote /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8461-7759-5462-8226 /f =========


    The operation completed successfully


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Azureus /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe /f =========


    Error: Invalid command-line parameters


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\.vuze /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BC\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\BCTP\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\DHT\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete "HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\MIME\Database\Content Type\application/x-vuze" /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\.vuze /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BC\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\BCTP\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\DefaultIcon /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\DHT\shell\open\command /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\MIME\Database\Content Type\application/x-vuze /f =========


    Error: Invalid command-line parameters


    ========= End of Reg: =========


    ========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\Vuze /f =========


    Error: The system was unable to find the specified registry key or value


    ========= End of Reg: =========


    ========= ipconfig /flushdns =========



    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========= End of CMD: =========

    EmptyTemp: => Removed 73.7 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:34:25 ====
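
The Fixlog above mixes three different outcomes: keys that were deleted, "unable to find" results (several of them for lines the fixlist repeats), and "Invalid command-line parameters" for `reg delete` lines whose key path contains a space but is not quoted. A malformed line never ran, so its result says nothing about whether the key exists. The following is an added example, not part of the thread or of FRST; the function names and status labels are this example's own, and the sample is an excerpt of the log above with blank lines dropped.

```python
import re

# Excerpt of the Fixlog posted above (blank lines dropped), embedded so this runs offline.
SAMPLE_FIXLOG = r"""
========= reg delete HKEY_CURRENT_USER\Software\Azureus /f =========
The operation completed successfully
========= End of Reg: =========
========= reg delete HKEY_CURRENT_USER\Software\Azureus /f =========
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\ej-technologies\exe4j\jvms\c:/program files/vuze/jre/bin/java.exe /f =========
Error: Invalid command-line parameters
========= End of Reg: =========
========= reg delete HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Classes\Vuze /f =========
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
"""

SECTION = re.compile(r"^=+ (.+?) =+$")   # "========= <title> ========="
TOKEN = re.compile(r'"[^"]*"|\S+')       # a quoted string is one argument


def parse_fixlog(text):
    """Return [(command, first_result_line)] for every 'reg delete' section."""
    entries, cmd, result = [], None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            title = m.group(1)
            if title.lower().startswith("reg delete"):
                cmd, result = title, ""
            elif title.startswith("End of") and cmd is not None:
                entries.append((cmd, result))
                cmd = None
        elif cmd is not None and not result:
            result = line
    return entries


def split_args(cmd):
    """Split the arguments after 'reg delete' into key fragments and switches."""
    tokens = TOKEN.findall(cmd)[2:]
    # Assumption: a key fragment never starts with '/', so '/f' style tokens are switches.
    keys = [t.strip('"') for t in tokens if not t.startswith("/")]
    switches = [t for t in tokens if t.startswith("/")]
    return keys, switches


def quoted(cmd):
    """Rebuild the command with the whole key path inside one pair of quotes."""
    keys, switches = split_args(cmd)
    return 'reg delete "%s" %s' % (" ".join(keys), " ".join(switches))


def classify(entries):
    """Label each section: deleted, already-deleted, absent, malformed or other."""
    deleted, out = set(), []
    for cmd, result in entries:
        keys, _ = split_args(cmd)
        if len(keys) != 1:
            # Unquoted space split the key into several arguments: the command
            # never ran. Report the corrected form for a re-run.
            out.append(("malformed", quoted(cmd)))
            continue
        key = keys[0].lower()
        if "completed successfully" in result:
            deleted.add(key)
            status = "deleted"
        elif "unable to find" in result:
            # Not found because an earlier line in the same run removed it,
            # or because it was not there to begin with.
            status = "already-deleted" if key in deleted else "absent"
        else:
            status = "other"
        out.append((status, key))
    return out


if __name__ == "__main__":
    for status, detail in classify(parse_fixlog(SAMPLE_FIXLOG)):
        print("%-16s %s" % (status, detail))
```
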
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    That will pretty much take care of Vuze.

    You DO need to create some added free space on the C: drive.
    Windows needs about 15% free space to run properly.
    Offload extra pictures, videos to flash drives, DVDs, external hard drives, etc. to create extra space.
    Using Start > Computer > check the free space shown on C: drive.

    I can give you some other tips to save space.
    Let me know.
     
    Last edited: May 30, 2015
  15. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    I'm going to bring some of my music and pics on to another drive to free up space.

    Thanks so much for all your help, my computer is running so much better!
     
Short URL to this thread: https://techguy.org/1148744
