
Laptop Help

Malnutrition

Still Hungry
iHF Master Craftsman
#21
You forgot a set of logs. Once I confirm that you are clean, I have an idea for getting your machine back on track: we will run the Windows repair tool, but if there is any malware present it might not work as intended. Once I clear you for running the tool, I think it will really help in your situation. :)



Please download and save FRST 64bit or FRST 32 bit to your Desktop.


CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 
#23
Sorry.....it's been a busy week/weekend! Here you go.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by mike (administrator) on JERRY-PC on 26-05-2014 21:39:24
Running from C:\Users\mike\Downloads
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-21] (AVAST Software)
HKLM\...\Runonce: [Del882279] - cmd.exe /Q /D /c del "C:\Users\mike\AppData\Local\Temp\0.del"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_wnzp...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF075A9A8ECB7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_wnzp...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://www.google.com/search?q={sea...tIndex?}&startPage={startPage}&rlz=1I7GGLT_en
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\mike\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0BzyyCzztBtDyE0A0ByEyB0FtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtA0E0DtBtD0EyBtG0D0F0BtCtGtA0D0BtCtG0E0DzyyCtGyD0BzztDtDtB0ByDtBtCtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0E0FyD0CzztGyEtAyB0CtGzy0C0B0CtGzyzy0E0BtGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir="
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultSearchURL: http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (Speedial) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-05-26]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Google Wallet) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S4 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-02-05] (Logitech Inc.)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2008-02-05] (Logitech Inc.)
S4 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-01-16] (Intuit Inc.)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1716224 2006-11-27] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-21] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-21] ()
S3 DellBIOS; C:\Windows\DellBIOS.Sys [5120 2007-11-04] ()
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [689176 2008-02-05] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2008-02-05] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-02-05] (Logitech Inc.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Net6IM; system32\DRIVERS\net6im51.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{57CE0040-62CCC763-05040000}; \??\C:\PROGRA~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 21:39 - 2014-05-26 21:39 - 00013562 _____ () C:\Users\mike\Downloads\FRST.txt
2014-05-26 21:38 - 2014-05-26 21:39 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:38 - 01056256 _____ (Farbar) C:\Users\mike\Downloads\FRST.exe
2014-05-26 21:16 - 2014-05-26 21:16 - 00000288 _____ () C:\Windows\Tasks\Speedial.job
2014-05-26 21:15 - 2014-05-26 21:16 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Speedial
2014-05-26 21:15 - 2014-05-26 21:15 - 00000000 ____D () C:\Program Files\Speedial
2014-05-26 21:14 - 2014-05-26 21:14 - 00820840 _____ ( ) C:\Users\mike\Downloads\winzip18.exe
2014-05-18 22:06 - 2014-05-18 22:06 - 00002632 _____ () C:\Users\mike\Desktop\RKreport[0]_D_05182014_220611.txt
2014-05-18 22:05 - 2014-05-18 22:05 - 00002570 _____ () C:\Users\mike\Desktop\RKreport[0]_S_05182014_220547.txt
2014-05-18 22:01 - 2014-05-18 22:14 - 00000000 ____D () C:\Users\mike\Desktop\RK_Quarantine
2014-05-18 22:01 - 2014-05-18 22:01 - 03972608 _____ () C:\Users\mike\Downloads\RogueKiller (1).exe
2014-05-18 21:59 - 2014-05-18 22:00 - 03972608 _____ () C:\Users\mike\Downloads\RogueKiller.exe
2014-05-18 21:59 - 2014-05-18 21:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 21:59 - 2014-05-18 21:59 - 00000000 _____ () C:\Windows\setupact.log
2014-05-18 21:55 - 2014-05-18 21:56 - 00000637 _____ () C:\Users\mike\Desktop\JRT.txt
2014-05-18 21:50 - 2014-05-18 21:50 - 01016261 _____ (Thisisu) C:\Users\mike\Downloads\JRT (1).exe
2014-05-15 17:50 - 2014-05-15 17:50 - 00028411 _____ () C:\Users\mike\Desktop\Result.txt
2014-05-15 17:44 - 2014-05-26 21:10 - 00061285 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 17:14 - 2014-05-15 17:14 - 00006157 _____ () C:\Users\mike\Desktop\zoek-results.txt
2014-05-15 17:09 - 2014-05-15 17:09 - 00000000 ____D () C:\Users\mike\AppData\Local\VirtualStore
2014-05-15 17:04 - 2014-05-15 12:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 12:24 - 2014-01-14 19:54 - 00005276 _____ () C:\zoek-results2014-01-15-005441.log
2014-05-15 12:11 - 2014-05-15 12:09 - 04095370 _____ () C:\Users\mike\Desktop\zoek.zip
2014-05-15 09:03 - 2014-05-15 09:03 - 00000000 ____D () C:\rsit
2014-05-13 21:09 - 2014-05-13 21:09 - 03218352 _____ (McAfee, Inc.) C:\Users\mike\Downloads\MCPR.exe
2014-05-13 20:51 - 2014-05-13 20:51 - 00813920 _____ (Microsoft Corporation) C:\Users\mike\Downloads\VS10sp1-KB983509 (1).exe
2014-05-13 20:47 - 2014-05-13 20:48 - 08990552 _____ (Microsoft Corporation) C:\Users\mike\Downloads\vcredist_x86.exe
2014-05-13 20:46 - 2014-05-13 20:46 - 00813920 _____ (Microsoft Corporation) C:\Users\mike\Downloads\VS10sp1-KB983509.exe
2014-05-13 20:44 - 2014-05-13 20:45 - 07186992 _____ (Microsoft Corporation) C:\Users\mike\Downloads\vcredist_x64.exe
2014-05-13 20:02 - 2014-05-13 20:02 - 00889416 _____ (Microsoft Corporation) C:\Users\mike\Downloads\dotNetFx40_Full_setup.exe
2014-05-13 18:45 - 2014-05-13 18:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 18:36 - 2014-05-05 18:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-13 18:36 - 2014-05-05 18:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-13 18:36 - 2014-05-05 18:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 18:22 - 2014-05-13 18:22 - 00001059 _____ () C:\Users\mike\Desktop\Revo Uninstaller.lnk
2014-05-13 18:22 - 2014-05-13 18:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-13 18:21 - 2014-05-13 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mike\Downloads\revosetup.exe
2014-05-13 18:21 - 2014-03-25 08:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 18:12 - 2014-05-13 18:15 - 10619688 _____ (VS Revo Group ) C:\Users\mike\Downloads\RevoUninProSetup (2).exe
2014-05-13 18:07 - 2014-05-13 18:08 - 10619688 _____ (VS Revo Group ) C:\Users\mike\Downloads\RevoUninProSetup (1).exe
2014-05-11 22:31 - 2014-05-11 22:31 - 00029025 _____ () C:\Users\mike\Desktop\sfcdetails.txt
2014-05-10 23:30 - 2014-05-10 23:30 - 00048896 _____ () C:\Users\mike\Downloads\Extras.Txt
2014-05-10 23:29 - 2014-05-10 23:29 - 00176478 _____ () C:\Users\mike\Downloads\OTL.Txt
2014-05-10 22:52 - 2014-05-10 22:52 - 00602112 _____ (OldTimer Tools) C:\Users\mike\Downloads\OTL.exe
2014-05-10 22:49 - 2014-05-10 22:50 - 01316991 _____ () C:\Users\mike\Downloads\adwcleaner (1).exe
2014-05-10 22:47 - 2014-05-15 17:50 - 00028411 _____ () C:\Windows\system32\Result.txt
2014-05-10 22:45 - 2014-05-10 22:45 - 00982016 _____ (Farbar) C:\Users\mike\Downloads\MiniToolBox (1).exe
2014-05-10 20:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-10 20:37 - 2014-05-10 20:37 - 01316991 _____ () C:\Users\mike\Downloads\AdwCleaner.exe
2014-05-10 20:31 - 2014-05-10 20:31 - 00018152 _____ () C:\Users\mike\Downloads\Result.txt
2014-05-10 20:30 - 2014-05-10 20:30 - 00982016 _____ (Farbar) C:\Users\mike\Downloads\MiniToolBox.exe
2014-05-10 12:35 - 2014-05-10 12:35 - 00000778 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-05-10 12:34 - 2014-05-10 12:35 - 00000000 ____D () C:\Program Files\Speccy
2014-05-10 12:32 - 2014-05-10 12:33 - 04890736 _____ (Piriform Ltd) C:\Users\mike\Downloads\spsetup126.exe
2014-05-06 05:37 - 2014-05-07 19:44 - 00000000 ____D () C:\Users\mike\AppData\Local\Intuit
2014-05-05 22:02 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\system32\cdintf400.dll
2014-05-05 22:00 - 2014-05-05 22:00 - 00002050 _____ () C:\Users\Public\Desktop\QuickBooks Professional Bookkeeper 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00002046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks File Manager 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00002034 _____ () C:\Users\Public\Desktop\QuickBooks File Manager 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-05-05 21:48 - 2014-05-05 21:48 - 00000000 ____D () C:\Program Files\Common Files\Nuance
2014-05-05 21:47 - 2014-05-07 19:54 - 00000000 ____D () C:\ProgramData\Intuit
2014-05-05 21:47 - 2014-05-05 21:51 - 00000000 ____D () C:\Program Files\Intuit
2014-05-05 21:47 - 2014-05-05 21:51 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-05-05 21:47 - 2014-05-05 21:47 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-05-05 21:47 - 2014-05-05 21:47 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-05 21:46 - 2014-05-07 21:01 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-05-05 21:46 - 2014-05-05 22:01 - 00000095 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-05-05 21:41 - 2014-05-05 21:41 - 00000000 ____D () C:\Windows\Intuit
2014-05-05 20:07 - 2014-05-05 20:07 - 00000059 _____ () C:\Users\mike\Desktop\Access cPanel Webmail.url
2014-05-05 19:59 - 2014-05-06 05:38 - 00000000 ____D () C:\Users\mike\Documents\Outlook Files
2014-05-05 19:29 - 2014-05-05 20:33 - 526215040 _____ (Intuit, Inc. ) C:\Users\mike\Desktop\QuickBooksPremier2013.exe
2014-05-05 19:29 - 2014-05-05 20:01 - 00000668 _____ () C:\Users\mike\Desktop\Setup_QuickBooksPremier2013.lnk
2014-05-05 19:29 - 2014-05-05 19:29 - 00537848 _____ () C:\Users\mike\Downloads\Setup_QuickBooksPremier2013.exe
2014-05-05 18:50 - 2014-05-05 18:50 - 00001360 _____ () C:\Users\mike\Desktop\capybara.arvixe.com Secure WebDisk.lnk
2014-05-05 18:49 - 2014-05-05 18:49 - 00003389 _____ () C:\Users\mike\Downloads\capybara.arvixe.com Secure WebDisk.vbs
2014-05-01 17:39 - 2014-05-26 21:24 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-466861290-3579517608-2456513942-1002.job
2014-05-01 17:39 - 2014-05-01 17:39 - 00002343 _____ () C:\Users\mike\Desktop\GoToMeeting Quick Connect.lnk
2014-05-01 17:38 - 2014-05-01 17:39 - 00000000 ____D () C:\Users\mike\AppData\Local\Citrix
2014-04-27 14:50 - 2014-04-27 14:50 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Oracle
2014-04-27 14:49 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-27 14:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-27 14:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-27 14:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-27 14:47 - 2014-04-27 14:49 - 00004024 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-27 14:45 - 2014-04-27 14:45 - 00921512 _____ (Oracle Corporation) C:\Users\mike\Downloads\chromeinstall-7u55.exe

==================== One Month Modified Files and Folders =======

2014-05-26 21:39 - 2014-05-26 21:39 - 00013562 _____ () C:\Users\mike\Downloads\FRST.txt
2014-05-26 21:39 - 2014-05-26 21:38 - 00000000 ____D () C:\FRST
2014-05-26 21:38 - 2014-05-26 21:38 - 01056256 _____ (Farbar) C:\Users\mike\Downloads\FRST.exe
2014-05-26 21:35 - 2013-10-03 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:31 - 2007-04-24 05:33 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-26 21:24 - 2014-05-01 17:39 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-466861290-3579517608-2456513942-1002.job
2014-05-26 21:23 - 2013-09-23 07:03 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-26 21:23 - 2010-02-27 07:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-26 21:16 - 2014-05-26 21:16 - 00000288 _____ () C:\Windows\Tasks\Speedial.job
2014-05-26 21:16 - 2014-05-26 21:15 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Speedial
2014-05-26 21:15 - 2014-05-26 21:15 - 00000000 ____D () C:\Program Files\Speedial
2014-05-26 21:14 - 2014-05-26 21:14 - 00820840 _____ ( ) C:\Users\mike\Downloads\winzip18.exe
2014-05-26 21:10 - 2014-05-15 17:44 - 00061285 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 21:02 - 2010-02-27 07:49 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-26 21:02 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 21:02 - 2006-11-02 07:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:02 - 2006-11-02 07:47 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 21:59 - 2006-11-02 08:01 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-18 22:14 - 2014-05-18 22:01 - 00000000 ____D () C:\Users\mike\Desktop\RK_Quarantine
2014-05-18 22:06 - 2014-05-18 22:06 - 00002632 _____ () C:\Users\mike\Desktop\RKreport[0]_D_05182014_220611.txt
2014-05-18 22:05 - 2014-05-18 22:05 - 00002570 _____ () C:\Users\mike\Desktop\RKreport[0]_S_05182014_220547.txt
2014-05-18 22:01 - 2014-05-18 22:01 - 03972608 _____ () C:\Users\mike\Downloads\RogueKiller (1).exe
2014-05-18 22:00 - 2014-05-18 21:59 - 03972608 _____ () C:\Users\mike\Downloads\RogueKiller.exe
2014-05-18 21:59 - 2014-05-18 21:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 21:59 - 2014-05-18 21:59 - 00000000 _____ () C:\Windows\setupact.log
2014-05-18 21:56 - 2014-05-18 21:55 - 00000637 _____ () C:\Users\mike\Desktop\JRT.txt
2014-05-18 21:50 - 2014-05-18 21:50 - 01016261 _____ (Thisisu) C:\Users\mike\Downloads\JRT (1).exe
2014-05-15 22:12 - 2014-04-21 21:14 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 21:11 - 2009-01-19 10:37 - 00000000 ____D () C:\Windows\pss
2014-05-15 17:50 - 2014-05-15 17:50 - 00028411 _____ () C:\Users\mike\Desktop\Result.txt
2014-05-15 17:50 - 2014-05-10 22:47 - 00028411 _____ () C:\Windows\system32\Result.txt
2014-05-15 17:14 - 2014-05-15 17:14 - 00006157 _____ () C:\Users\mike\Desktop\zoek-results.txt
2014-05-15 17:14 - 2013-09-23 17:31 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 17:14 - 2013-09-23 17:31 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 17:14 - 2013-09-23 17:31 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-05-15 17:13 - 2014-01-14 18:01 - 00006157 _____ () C:\zoek-results.log
2014-05-15 17:09 - 2014-05-15 17:09 - 00000000 ____D () C:\Users\mike\AppData\Local\VirtualStore
2014-05-15 16:52 - 2014-01-14 17:59 - 00000000 ____D () C:\zoek_backup
2014-05-15 12:22 - 2014-05-15 17:04 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-15 12:09 - 2014-05-15 12:11 - 04095370 _____ () C:\Users\mike\Desktop\zoek.zip
2014-05-15 09:03 - 2014-05-15 09:03 - 00000000 ____D () C:\rsit
2014-05-14 21:37 - 2013-10-03 18:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 21:37 - 2013-10-03 18:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-05-13 21:09 - 2014-05-13 21:09 - 03218352 _____ (McAfee, Inc.) C:\Users\mike\Downloads\MCPR.exe
2014-05-13 20:51 - 2014-05-13 20:51 - 00813920 _____ (Microsoft Corporation) C:\Users\mike\Downloads\VS10sp1-KB983509 (1).exe
2014-05-13 20:48 - 2014-05-13 20:47 - 08990552 _____ (Microsoft Corporation) C:\Users\mike\Downloads\vcredist_x86.exe
2014-05-13 20:46 - 2014-05-13 20:46 - 00813920 _____ (Microsoft Corporation) C:\Users\mike\Downloads\VS10sp1-KB983509.exe
2014-05-13 20:45 - 2014-05-13 20:44 - 07186992 _____ (Microsoft Corporation) C:\Users\mike\Downloads\vcredist_x64.exe
2014-05-13 20:15 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-13 20:02 - 2014-05-13 20:02 - 00889416 _____ (Microsoft Corporation) C:\Users\mike\Downloads\dotNetFx40_Full_setup.exe
2014-05-13 19:48 - 2006-11-02 05:33 - 00782102 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 18:48 - 2008-03-25 18:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-13 18:45 - 2014-05-13 18:45 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-13 18:44 - 2013-09-23 05:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-13 18:39 - 2006-11-02 05:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 18:22 - 2014-05-13 18:22 - 00001059 _____ () C:\Users\mike\Desktop\Revo Uninstaller.lnk
2014-05-13 18:22 - 2014-05-13 18:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-13 18:22 - 2014-05-13 18:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\mike\Downloads\revosetup.exe
2014-05-13 18:15 - 2014-05-13 18:12 - 10619688 _____ (VS Revo Group ) C:\Users\mike\Downloads\RevoUninProSetup (2).exe
2014-05-13 18:08 - 2014-05-13 18:07 - 10619688 _____ (VS Revo Group ) C:\Users\mike\Downloads\RevoUninProSetup (1).exe
2014-05-11 22:31 - 2014-05-11 22:31 - 00029025 _____ () C:\Users\mike\Desktop\sfcdetails.txt
2014-05-10 23:30 - 2014-05-10 23:30 - 00048896 _____ () C:\Users\mike\Downloads\Extras.Txt
2014-05-10 23:29 - 2014-05-10 23:29 - 00176478 _____ () C:\Users\mike\Downloads\OTL.Txt
2014-05-10 22:52 - 2014-05-10 22:52 - 00602112 _____ (OldTimer Tools) C:\Users\mike\Downloads\OTL.exe
2014-05-10 22:50 - 2014-05-10 22:49 - 01316991 _____ () C:\Users\mike\Downloads\adwcleaner (1).exe
2014-05-10 22:45 - 2014-05-10 22:45 - 00982016 _____ (Farbar) C:\Users\mike\Downloads\MiniToolBox (1).exe
2014-05-10 20:40 - 2014-01-14 23:00 - 00000000 ____D () C:\AdwCleaner
2014-05-10 20:37 - 2014-05-10 20:37 - 01316991 _____ () C:\Users\mike\Downloads\AdwCleaner.exe
2014-05-10 20:31 - 2014-05-10 20:31 - 00018152 _____ () C:\Users\mike\Downloads\Result.txt
2014-05-10 20:30 - 2014-05-10 20:30 - 00982016 _____ (Farbar) C:\Users\mike\Downloads\MiniToolBox.exe
2014-05-10 12:35 - 2014-05-10 12:35 - 00000778 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-05-10 12:35 - 2014-05-10 12:34 - 00000000 ____D () C:\Program Files\Speccy
2014-05-10 12:33 - 2014-05-10 12:32 - 04890736 _____ (Piriform Ltd) C:\Users\mike\Downloads\spsetup126.exe
2014-05-07 21:01 - 2014-05-05 21:46 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11
2014-05-07 19:54 - 2014-05-05 21:47 - 00000000 ____D () C:\ProgramData\Intuit
2014-05-07 19:44 - 2014-05-06 05:37 - 00000000 ____D () C:\Users\mike\AppData\Local\Intuit
2014-05-07 19:44 - 2006-11-02 07:47 - 00449272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-06 21:25 - 2014-01-27 11:27 - 00124360 _____ () C:\Users\mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-06 05:38 - 2014-05-05 19:59 - 00000000 ____D () C:\Users\mike\Documents\Outlook Files
2014-05-05 22:04 - 2012-10-22 08:21 - 00000000 ____D () C:\Users\mike
2014-05-05 22:01 - 2014-05-05 21:46 - 00000095 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-05-05 22:00 - 2014-05-05 22:00 - 00002050 _____ () C:\Users\Public\Desktop\QuickBooks Professional Bookkeeper 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00002046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks File Manager 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00002034 _____ () C:\Users\Public\Desktop\QuickBooks File Manager 2013.lnk
2014-05-05 22:00 - 2014-05-05 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-05-05 21:51 - 2014-05-05 21:47 - 00000000 ____D () C:\Program Files\Intuit
2014-05-05 21:51 - 2014-05-05 21:47 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-05-05 21:48 - 2014-05-05 21:48 - 00000000 ____D () C:\Program Files\Common Files\Nuance
2014-05-05 21:47 - 2014-05-05 21:47 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-05-05 21:47 - 2014-05-05 21:47 - 00000000 ____D () C:\ProgramData\Nuance
2014-05-05 21:41 - 2014-05-05 21:41 - 00000000 ____D () C:\Windows\Intuit
2014-05-05 20:33 - 2014-05-05 19:29 - 526215040 _____ (Intuit, Inc. ) C:\Users\mike\Desktop\QuickBooksPremier2013.exe
2014-05-05 20:07 - 2014-05-05 20:07 - 00000059 _____ () C:\Users\mike\Desktop\Access cPanel Webmail.url
2014-05-05 20:01 - 2014-05-05 19:29 - 00000668 _____ () C:\Users\mike\Desktop\Setup_QuickBooksPremier2013.lnk
2014-05-05 19:29 - 2014-05-05 19:29 - 00537848 _____ () C:\Users\mike\Downloads\Setup_QuickBooksPremier2013.exe
2014-05-05 18:50 - 2014-05-05 18:50 - 00001360 _____ () C:\Users\mike\Desktop\capybara.arvixe.com Secure WebDisk.lnk
2014-05-05 18:49 - 2014-05-05 18:49 - 00003389 _____ () C:\Users\mike\Downloads\capybara.arvixe.com Secure WebDisk.vbs
2014-05-05 18:32 - 2014-05-13 18:36 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 18:14 - 2014-05-13 18:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 18:14 - 2014-05-13 18:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 17:39 - 2014-05-01 17:39 - 00002343 _____ () C:\Users\mike\Desktop\GoToMeeting Quick Connect.lnk
2014-05-01 17:39 - 2014-05-01 17:38 - 00000000 ____D () C:\Users\mike\AppData\Local\Citrix
2014-04-27 14:51 - 2013-05-12 12:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-04-27 14:50 - 2014-04-27 14:50 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Oracle
2014-04-27 14:49 - 2014-04-27 14:47 - 00004024 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-27 14:48 - 2013-05-12 12:32 - 00000000 ____D () C:\Program Files\Java
2014-04-27 14:45 - 2014-04-27 14:45 - 00921512 _____ (Oracle Corporation) C:\Users\mike\Downloads\chromeinstall-7u55.exe

Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\ICReinstall_winzip18.exe
C:\Users\mike\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-26 21:14

==================== End Of Log ============================
 


Last edited by a moderator:

Malnutrition

Still Hungry
iHF Master Craftsman
#25
Open a command prompt. (Run the command prompt as Administrator in Windows Vista/7/8.)
Copy each command line and paste it; hit Enter after each.

Code:
sc stop "DSBrokerService"
sc config "DSBrokerService" start= disabled

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • Once it's finished, it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean

Please post any remaining issues in your next reply. :)
 


#26
When I ran the command prompt I got the following:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sc stop "DSBrokerService"
[SC] ControlService FAILED 1062:

The service has not been started.


C:\Windows\system32>sc config "DSBrokerService" start= disabled
[SC] ChangeServiceConfig SUCCESS

C:\Windows\system32>
 
#27
Here is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by mike at 2014-05-27 17:46:05 Run:1
Running from C:\Users\mike\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Runonce: [Del882279] - cmd.exe /Q /D /c del "C:\Users\mike\AppData\Local\Temp\0.del"
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_wnzp...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_wnzp...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0BzyyCzztBtDyE0A0ByEyB0FtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtA0E0DtBtD0EyBtG0D0F0BtCtGtA0D0BtCtG0E0DzyyCtGyD0BzztDtDtB0ByDtBtCtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0E0FyD0CzztGyEtAyB0CtGzy0C0B0CtGzyzy0E0BtGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir="
CHR DefaultSearchKeyword: speedial.com
CHR DefaultSearchProvider: Speedial
CHR DefaultSearchURL: http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=
CHR Extension: (Speedial) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-05-26]
S3 PCD5SRVC{57CE0040-62CCC763-05040000}; \??\C:\PROGRA~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [X]
2014-05-26 21:16 - 2014-05-26 21:16 - 00000288 _____ () C:\Windows\Tasks\Speedial.job
2014-05-26 21:15 - 2014-05-26 21:16 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Speedial
2014-05-26 21:15 - 2014-05-26 21:15 - 00000000 ____D () C:\Program Files\Speedial
2014-05-26 21:16 - 2014-05-26 21:16 - 00000288 _____ () C:\Windows\Tasks\Speedial.job
2014-05-26 21:16 - 2014-05-26 21:15 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Speedial
2014-05-26 21:15 - 2014-05-26 21:15 - 00000000 ____D () C:\Program Files\Speedial
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {BFB252E4-1C79-4AF4-BF4D-373699ADE5C0} - System32\Tasks\Speedial => C:\Users\mike\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Speedial.job => C:\Users\mike\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del882279 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => Key deleted successfully.
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll not found.
CHR StartupUrls: "hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzutDtDtCzy0BzyyCzztBtDyE0A0ByEyB0FtN0D0Tzu0SzzyByBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtA0E0DtBtD0EyBtG0D0F0BtCtGtA0D0BtCtG0E0DzyyCtGyD0BzztDtDtB0ByDtBtCtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0D0B0E0FyD0CzztGyEtAyB0CtGzy0C0B0CtGzyzy0E0BtGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir=" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: speedial.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Speedial ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://speedial.com/results.php?f=4...tGtCzz0AtDzz0CtDyC0ByBtC0B2Q&cr=946805213&ir= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd => Moved successfully.
PCD5SRVC{57CE0040-62CCC763-05040000} => Service deleted successfully.
C:\Windows\Tasks\Speedial.job => Moved successfully.
"C:\Users\mike\AppData\Roaming\Speedial" => File/Directory not found.
"C:\Program Files\Speedial" => File/Directory not found.
"C:\Windows\Tasks\Speedial.job" => File/Directory not found.
"C:\Users\mike\AppData\Roaming\Speedial" => File/Directory not found.
"C:\Program Files\Speedial" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2DE18FE4-6467-484F-8431-206702EC5546} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DE18FE4-6467-484F-8431-206702EC5546} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E5B7D97-F14C-4CFF-864E-620AABA892D1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E5B7D97-F14C-4CFF-864E-620AABA892D1} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFB252E4-1C79-4AF4-BF4D-373699ADE5C0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFB252E4-1C79-4AF4-BF4D-373699ADE5C0} => Key deleted successfully.
C:\Windows\System32\Tasks\Speedial => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\Speedial.job not found.

==== End of Fixlog ====
 


Last edited by a moderator:
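Added example, not part of the original posts or of FRST itself: a short Python triage of a Fixlog like the one above that groups each result line by outcome, so entries FRST left in place (here the Chrome settings it says must be fixed through Chrome "Settings") stand out from those it removed. The sample text is constructed from lines in the log above; the function names, outcome labels and line patterns are assumptions inferred from this one log, not a documented FRST format.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied (and cut down) from the Fixlog in the post above.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Task: C:\Windows\Tasks\Speedial.job => C:\Users\mike\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll not found.
CHR DefaultSearchKeyword: speedial.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Speedial ==> The Chrome "Settings" can be used to fix the entry.
C:\Windows\Tasks\Speedial.job => Moved successfully.
"C:\Program Files\Speedial" => File/Directory not found.
==== End of Fixlog ====
'''

# Assumed line shapes: "item => result", "item ==> result", or a bare "item not found."
ARROW = re.compile(r'^(?P<item>.+?)\s+={1,2}>\s+(?P<result>.+)$')
BARE_NOT_FOUND = re.compile(r'^(?P<item>.+?)\s+(?P<result>not found\.)$')
# Checked in order; "manual" means FRST reported the entry but did not change it.
RULES = [("manual", "can be used to fix"), ("not_found", "not found"),
         ("restored", "restored successfully"),
         ("removed", "deleted successfully"), ("removed", "moved successfully")]

def result_lines(text):
    """Non-empty lines between the last row of asterisks and the end marker."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    body = lines[stars[-1] + 1:] if stars else lines
    ends = [i for i, l in enumerate(body) if l.startswith("==== End of Fixlog")]
    return [l for l in body[:ends[0] if ends else None] if l]

def classify(line):
    """Return (outcome, item) for one result line."""
    m = ARROW.match(line) or BARE_NOT_FOUND.match(line)
    if not m:
        return "other", line
    low = m.group("result").lower()
    outcome = next((o for o, needle in RULES if needle in low), "other")
    return outcome, m.group("item").strip('"')

def triage(text):
    """Group result items by outcome; the echoed fixlist section is skipped."""
    buckets = defaultdict(list)
    for line in result_lines(text):
        outcome, item = classify(line)
        buckets[outcome].append(item)
    return dict(buckets)
```

Calling `triage(SAMPLE_FIXLOG)["manual"]` returns the two Chrome entries that still need to be reset by hand.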

Malnutrition

Still Hungry
iHF Master Craftsman
#29
Note: Whilst running this tool, your anti-virus must be disabled.

Can you please download the All in one Repair tool.
  • Once it has downloaded, right-click it and select Run as administrator (XP users double-click)
  • Once it is open, select Step 4 from the tabs along the top.
  • Create a backup of your registry by selecting Backup
  • After that has finished, click on the Start Repairs tab, and select Start
  • Make sure the boxes shown in the following screenshot are selected:

  • Select Start, and let the program run.
  • After the tool completes, it will shut down your machine; reboot the machine a couple of times after the initial shutdown.
 

Malnutrition

Still Hungry
iHF Master Craftsman
#33
Well, here you are. Please run the All in one tool with the boxes ticked in this new screenshot below. Make sure to create a backup of the registry as per the previous instructions.

 

Malnutrition

Still Hungry
iHF Master Craftsman
#35
Ok, please run the all in one tool and then test your machine a bit. Get back to me and we will conclude the thread by cleaning up the tools we used and clearing your restore points.... :)