Comments

8 comments

  • Support

    Hi starhive,

     

    I see drivers and other files of Ad-Aware 9 and 10 in the System Information file, but not much of Ad-Aware 11. I think it's necessary to get rid of the old versions before installing Ad-Aware 11 again. I think the easiest way of doing that is to use the FRST program.

     

    Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop: http://download.bleepingcomputer.com/farbar/FRST.exe

     

    Close all programs.

    In Control Panel - Programs and Features, please uninstall all programs that have Ad-Aware or Lavasoft in their name.

    Restart the computer.

    Start the FRST program by right-clicking it and selecting Run as Administrator.

    Read the disclaimer and click Yes to accept it.
    Click the Scan button.
    When done, FRST will make a log file, called FRST.txt, on the desktop.

    Please, open the log file in Notepad, copy its content and paste it into your reply.

    0
  • Customer

    Hi CecilliaB,

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 02

    Ran by olddog (administrator) on OLDDOG-PC on 04-12-2013 22:45:11

    Running from C:\Users\olddog\Desktop

    Microsoft® Windows Vista™ Business Service Pack 1 (X86) OS Language: English(US)

    Internet Explorer Version 7

    Boot Mode: Normal


    ==================== Processes (Whitelisted) ===================


    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE

    (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe

    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

    (Spotify Ltd) C:\Users\olddog\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    (Microsoft Corporation) C:\Windows\System32\conime.exe

    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


    ==================== Registry (Whitelisted) ==================


    HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)

    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)

    HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

    HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-06-19] (RealNetworks, Inc.)

    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

    HKCU\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-18] ()

    HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)

    HKCU\...\Run: [Google Update] - C:\Users\olddog\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-10] (Google Inc.)

    HKCU\...\Run: [spotify Web Helper] - C:\Users\olddog\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-04-25] (Spotify Ltd)

    HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [202240 2008-01-21] (Microsoft Corporation)

    MountPoints2: G - G:\AutoRun.exe

    MountPoints2: {1429f111-986c-11e2-9851-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {3c4f92e4-af9e-11e0-a0cc-001e101fe5e1} - G:\AutoRun.exe

    MountPoints2: {3dbe42fd-92c7-11e2-915a-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {5b477f79-8b0f-11e2-b0d3-0015c56a9e1e} - H:\AutoRun.exe

    MountPoints2: {5b477f7d-8b0f-11e2-b0d3-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {5b477f7e-8b0f-11e2-b0d3-0015c56a9e1e} - G:\AutoRun.exe

    MountPoints2: {5b477f8c-8b0f-11e2-b0d3-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {71c08f11-9579-11e2-b725-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {71c08f2f-9579-11e2-b725-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {7f855b69-aff7-11e0-8a9b-001e101f2c0e} - F:\AutoRun.exe

    MountPoints2: {9329750c-9156-11e2-a5a7-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf20-3529-11e2-a7bd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf2b-3529-11e2-a7bd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf35-3529-11e2-a7bd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf3f-3529-11e2-a7bd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf49-3529-11e2-a7bd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {af5ccf64-3529-11e2-a7bd-001e101f82a7} - F:\AutoRun.exe

    MountPoints2: {b1c5e2fb-912f-11e2-b6fd-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {b1c5e2ff-912f-11e2-b6fd-0016cfffa262} - F:\AutoRun.exe

    MountPoints2: {b6533594-9620-11e2-b673-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {cfc35009-f84d-11e0-a107-001e101f82a0} - F:\AutoRun.exe

    MountPoints2: {d0edd892-aafc-11e0-ba46-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {d0edd8d2-aafc-11e0-ba46-001e101f8ed0} - F:\AutoRun.exe

    MountPoints2: {de9adeea-9765-11e2-acb8-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {e37575fc-906b-11e2-9539-0015c56a9e1e} - F:\AutoRun.exe

    MountPoints2: {e7b33313-5438-11e2-80e6-001e101fb45e} - F:\AutoRun.exe

    MountPoints2: {fd2c3011-8b36-11e2-b6aa-0015c56a9e1e} - F:\AutoRun.exe

    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter


    ==================== Internet (Whitelisted) ====================



    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

    URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File

    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e

    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

    BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\kelly\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab


    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\kelly\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    Tcpip\..\Interfaces\{24CDC7BB-1323-44F1-A22E-BEEA509B2617}: [NameServer]8.8.8.8,8.8.4.4


    Chrome:

    =======


    CHR Plugin: (Shockwave Flash) - C:\Users\olddog\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()

    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

    CHR Plugin: (Native Client) - C:\Users\olddog\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

    CHR Plugin: (Chrome PDF Viewer) - C:\Users\olddog\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

    CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1519\npplugin2.dll (PPLive Corporation)

    CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File

    CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File

    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\olddog\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    CHR Plugin: (RockMelt Update) - C:\Users\olddog\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll No File

    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

    CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File

    CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

    CHR Extension: (Bejeweled) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0

    CHR Extension: (Beat the Boot (by Google)) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.1_0

    CHR Extension: (Angry Birds) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

    CHR Extension: (Google Drive) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

    CHR Extension: (YouTube) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

    CHR Extension: (Virtual Classic Guitar) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmjiphokdmfagjdbidjffpandipkkafg\2_0

    CHR Extension: (Google Search) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

    CHR Extension: (Silver Bird) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.10.2_0

    CHR Extension: (Countdown) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpgobmdmbpekdmokakiajlcdljldhbm\5.1_0

    CHR Extension: (RealDownloader) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0

    CHR Extension: (9GAG Mini) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.75_0

    CHR Extension: (Skype Extension) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0

    CHR Extension: (Guitar Chords) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh\1.4_0

    CHR Extension: (Google Dictionary (by Google)) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0

    CHR Extension: (Google Mail Checker) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0

    CHR Extension: (ButtonBeats Guitar) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf\5_0

    CHR Extension: (Google Wallet) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

    CHR Extension: (Android) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pigamadkmnamoblmollkcflhaadibjha\1_0

    CHR Extension: (Gmail) - C:\Users\olddog\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - D:\kelly\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\adawaretb\chrome-newtab-search.crx

    CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

    CHR StartMenuInternet: Google Chrome - C:\Users\olddog\AppData\Local\Google\Chrome\Application\chrome.exe


    ========================== Services (Whitelisted) =================


    R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)

    S3 MSFTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2008-01-21] (Microsoft Corporation)

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

    S2 SkypeUpdate; D:\kelly\Updater\Updater.exe [160944 2012-07-13] (Skype Technologies)


    ==================== Drivers (Whitelisted) ====================


    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-12-04] (GFI Software)

    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]

    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]

    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [x]

    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]

    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]

    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]

    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]

    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]


    ==================== NetSvcs (Whitelisted) ===================



    ==================== One Month Created Files and Folders ========


    2013-12-04 22:45 - 2013-12-04 22:46 - 00016013 _____ C:\Users\olddog\Desktop\FRST.txt

    2013-12-04 22:45 - 2013-12-04 22:45 - 00000000 ____D C:\FRST

    2013-12-04 20:57 - 2013-12-04 21:00 - 01092545 _____ (Farbar) C:\Users\olddog\Desktop\FRST.exe

    2013-12-04 03:59 - 2013-12-04 03:59 - 00060520 _____ C:\Users\olddog\Desktop\system info.zip

    2013-12-04 03:57 - 2013-12-04 03:57 - 01290752 _____ C:\Users\olddog\Desktop\system info.nfo

    2013-12-04 03:50 - 2013-12-04 03:50 - 00024364 _____ C:\Users\olddog\Desktop\MSI87146.zip

    2013-12-04 03:50 - 2013-12-04 03:50 - 00024343 _____ C:\Users\olddog\Desktop\MSI56c82.zip

    2013-12-04 03:49 - 2013-12-04 03:49 - 00003696 _____ C:\Users\olddog\Desktop\MSI5a0ac.zip

    2013-12-04 03:47 - 2013-12-04 03:47 - 00010841 _____ C:\Users\olddog\Desktop\Ad-Aware 11.zip

    2013-12-04 03:32 - 2013-12-04 03:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

    2013-12-04 03:21 - 2008-04-18 13:30 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2013-12-04 03:21 - 2008-04-18 13:30 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

    2013-12-04 03:21 - 2008-04-18 10:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

    2013-12-04 03:21 - 2008-04-18 10:33 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll

    2013-12-04 03:18 - 2013-12-04 03:18 - 01768236 _____ C:\Users\olddog\Downloads\Windows6.0-KB942288-v2-x86.msu

    2013-12-04 03:09 - 2013-12-04 03:09 - 01723528 _____ C:\Users\olddog\Downloads\Adaware_Installer (1).exe

    2013-12-04 00:47 - 2013-12-04 00:47 - 00524288 _____ C:\Users\olddog\Downloads\E674.tmp

    2013-11-30 07:05 - 2013-11-30 07:05 - 00067584 _____ C:\Users\olddog\Downloads\service-invoice-with-hourly-rate.xls

    2013-11-30 06:57 - 2013-11-30 06:57 - 00011840 _____ C:\Users\olddog\Downloads\Blank-Invoice-Template.zip

    2013-11-30 06:53 - 2013-11-30 06:53 - 00011130 _____ C:\Users\olddog\Downloads\Service-Invoice-Template.zip

    2013-11-10 21:15 - 2013-11-10 21:15 - 00000000 ____D C:\Users\olddog\Documents\VLE

    2013-11-10 21:13 - 2013-11-10 21:15 - 00000000 ____D C:\Users\olddog\Documents\Fiction of Relationship

    2013-11-08 08:55 - 2013-11-08 08:55 - 00000000 ____D C:\Users\olddog\AppData\Roaming\Mozilla

    2013-11-07 17:12 - 2013-11-07 17:12 - 00977408 _____ C:\Users\olddog\Downloads\Labelling_Theory_of_Crime.ppt


    ==================== One Month Modified Files and Folders =======


    2013-12-04 22:46 - 2013-12-04 22:45 - 00016013 _____ C:\Users\olddog\Desktop\FRST.txt

    2013-12-04 22:45 - 2013-12-04 22:45 - 00000000 ____D C:\FRST

    2013-12-04 22:38 - 2011-07-10 01:46 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2013-12-04 22:38 - 2008-01-21 09:39 - 02094740 _____ C:\Windows\WindowsUpdate.log

    2013-12-04 22:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\inetsrv

    2013-12-04 22:23 - 2006-11-02 21:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2013-12-04 22:23 - 2006-11-02 21:00 - 00023788 _____ C:\Windows\PFRO.log

    2013-12-04 22:23 - 2006-11-02 20:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    2013-12-04 22:23 - 2006-11-02 20:47 - 00004880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    2013-12-04 22:22 - 2011-07-10 01:49 - 00000836 _____ C:\Windows\bthservsdp.dat

    2013-12-04 22:22 - 2006-11-02 21:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    2013-12-04 22:20 - 2011-07-10 01:46 - 00000000 ____D C:\ProgramData\Lavasoft

    2013-12-04 22:07 - 2011-07-10 01:46 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2013-12-04 21:54 - 2011-07-10 22:08 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110396276-1617908096-1390651286-1000UA.job

    2013-12-04 21:04 - 2011-10-24 14:34 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110396276-1617908096-1390651286-1000UA.job

    2013-12-04 21:00 - 2013-12-04 20:57 - 01092545 _____ (Farbar) C:\Users\olddog\Desktop\FRST.exe

    2013-12-04 19:18 - 2011-07-16 19:25 - 00186585 _____ C:\aaw7boot.log

    2013-12-04 03:59 - 2013-12-04 03:59 - 00060520 _____ C:\Users\olddog\Desktop\system info.zip

    2013-12-04 03:57 - 2013-12-04 03:57 - 01290752 _____ C:\Users\olddog\Desktop\system info.nfo

    2013-12-04 03:50 - 2013-12-04 03:50 - 00024364 _____ C:\Users\olddog\Desktop\MSI87146.zip

    2013-12-04 03:50 - 2013-12-04 03:50 - 00024343 _____ C:\Users\olddog\Desktop\MSI56c82.zip

    2013-12-04 03:50 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\rescache

    2013-12-04 03:49 - 2013-12-04 03:49 - 00003696 _____ C:\Users\olddog\Desktop\MSI5a0ac.zip

    2013-12-04 03:47 - 2013-12-04 03:47 - 00010841 _____ C:\Users\olddog\Desktop\Ad-Aware 11.zip

    2013-12-04 03:41 - 2013-02-01 18:23 - 00000916 _____ C:\Users\olddog\Desktop\Resume Ad-Aware Free Antivirus+ Installation.lnk

    2013-12-04 03:40 - 2013-02-01 18:04 - 00044424 _____ (GFI Software) C:\Windows\system32\sbbd.exe

    2013-12-04 03:40 - 2013-02-01 18:04 - 00013560 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys

    2013-12-04 03:32 - 2013-12-04 03:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\zh-TW

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\zh-CN

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\uk-UA

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\tr-TR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\th-TH

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\sv-SE

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\sr-Latn-CS

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\sl-SI

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\sk-SK

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\ru-RU

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\ro-RO

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\pt-PT

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\pt-BR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\pl-PL

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\nl-NL

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\nb-NO

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\lv-LV

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\lt-LT

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\ko-KR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\ja-JP

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\it-IT

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\hu-HU

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\hr-HR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\he-IL

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\fr-FR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\fi-FI

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\et-EE

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\el-GR

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\de-DE

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\bg-BG

    2013-12-04 03:25 - 2006-11-02 19:18 - 00000000 ____D C:\Windows\system32\ar-SA

    2013-12-04 03:18 - 2013-12-04 03:18 - 01768236 _____ C:\Users\olddog\Downloads\Windows6.0-KB942288-v2-x86.msu

    2013-12-04 03:09 - 2013-12-04 03:09 - 01723528 _____ C:\Users\olddog\Downloads\Adaware_Installer (1).exe

    2013-12-04 00:47 - 2013-12-04 00:47 - 00524288 _____ C:\Users\olddog\Downloads\E674.tmp

    2013-12-02 15:03 - 2011-10-24 14:34 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3110396276-1617908096-1390651286-1000Core.job

    2013-12-02 13:28 - 2011-07-09 23:26 - 00023040 _____ C:\Users\olddog\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2013-12-02 13:24 - 2006-11-02 18:33 - 00794484 _____ C:\Windows\system32\PerfStringBackup.INI

    2013-12-02 13:23 - 2006-11-02 20:52 - 00159389 _____ C:\Windows\setupact.log

    2013-12-01 18:22 - 2011-07-14 20:59 - 00000064 _____ C:\Windows\system32\rp_stats.dat

    2013-12-01 18:22 - 2011-07-14 20:59 - 00000044 _____ C:\Windows\system32\rp_rules.dat

    2013-11-30 07:20 - 2011-07-09 22:40 - 00000000 ____D C:\Users\olddog\AppData\Local\Microsoft Help

    2013-11-30 07:05 - 2013-11-30 07:05 - 00067584 _____ C:\Users\olddog\Downloads\service-invoice-with-hourly-rate.xls

    2013-11-30 06:57 - 2013-11-30 06:57 - 00011840 _____ C:\Users\olddog\Downloads\Blank-Invoice-Template.zip

    2013-11-30 06:53 - 2013-11-30 06:53 - 00011130 _____ C:\Users\olddog\Downloads\Service-Invoice-Template.zip

    2013-11-24 01:13 - 2011-07-09 19:23 - 00000000 ____D C:\Users\olddog

    2013-11-19 18:21 - 2011-07-12 15:38 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    2013-11-18 10:57 - 2011-07-10 22:10 - 00002047 _____ C:\Users\olddog\Desktop\Google Chrome.lnk

    2013-11-10 21:15 - 2013-11-10 21:15 - 00000000 ____D C:\Users\olddog\Documents\VLE

    2013-11-10 21:15 - 2013-11-10 21:13 - 00000000 ____D C:\Users\olddog\Documents\Fiction of Relationship

    2013-11-08 08:55 - 2013-11-08 08:55 - 00000000 ____D C:\Users\olddog\AppData\Roaming\Mozilla

    2013-11-08 08:54 - 2011-07-10 22:08 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3110396276-1617908096-1390651286-1000Core.job

    2013-11-07 17:12 - 2013-11-07 17:12 - 00977408 _____ C:\Users\olddog\Downloads\Labelling_Theory_of_Crime.ppt


    Some content of TEMP:

    ====================

    C:\Users\olddog\AppData\Local\Temp\15146ffb-2313-4223-9ba4-10c519cdd761.exe

    C:\Users\olddog\AppData\Local\Temp\2fa6e122-1965-4d2f-90d7-43f5615130f6.exe

    C:\Users\olddog\AppData\Local\Temp\584ee40f-0358-4a6d-8459-52370f003baf.exe

    C:\Users\olddog\AppData\Local\Temp\5d234ad2-61b9-42ac-baee-18e4ae3859b8.exe

    C:\Users\olddog\AppData\Local\Temp\71806dbf-9a20-40cb-8bd1-7db4eaaddf6c.exe

    C:\Users\olddog\AppData\Local\Temp\c48dd54d-2147-40c3-abdb-d27e34aa25a7.exe

    C:\Users\olddog\AppData\Local\Temp\d5945e69-d9db-4faf-90b5-194301ee9cd3.exe

    C:\Users\olddog\AppData\Local\Temp\gcapi_dll.dll

    C:\Users\olddog\AppData\Local\Temp\htmlayout.dll

    C:\Users\olddog\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

    C:\Users\olddog\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

    C:\Users\olddog\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

    C:\Users\olddog\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

    C:\Users\olddog\AppData\Local\Temp\logclient.dll

    C:\Users\olddog\AppData\Local\Temp\lowproc.exe

    C:\Users\olddog\AppData\Local\Temp\peer.dll

    C:\Users\olddog\AppData\Local\Temp\PPTV_Update.exe

    C:\Users\olddog\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe

    C:\Users\olddog\AppData\Local\Temp\stubhelper.dll

    C:\Users\olddog\AppData\Local\Temp\tipsbubble.dll

    C:\Users\olddog\AppData\Local\Temp\tipsclient.dll

    C:\Users\olddog\AppData\Local\Temp\tipsdone.dll

    C:\Users\olddog\AppData\Local\Temp\uninst1.exe

    C:\Users\olddog\AppData\Local\Temp\uninstall22059765.exe

    C:\Users\olddog\AppData\Local\Temp\{EE9ED480-E145-4DFF-B8BF-BEF1CB98ABAB}-20.0.1132.57_20.0.1132.47_chrome_updater.exe



    ==================== Bamital & volsnap Check =================


    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



    LastRegBack: 2013-12-04 22:40


    ==================== End Of Log ============================

    0
  • Support

    Hi starhive,

     

    Please, start Notepad.
    Copy all text that is in the box:

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-12-04] (GFI Software)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
    2013-12-04 03:32 - 2013-12-04 03:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

    and paste in Notepad. Check that no file names have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your answer.

    You seem to have Babylon as your start page and search engine in Internet Explorer. Is that something you have selected or do you want it removed?

     

    There is an old Java version with many known vulnerabilities that makes it easy to infect the computer from a web page. Most users don't need to have Java installed, but if you must have it, it's very important that you always have the latest version. You can use Secunia's Software Inspector to check if you have other old versions with vulnerabilities. http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

    0
  • Support

    You're welcome

    1. Good, nothing of the old versions of Ad-Aware should now be running and disturbing Ad-Aware 11.

    Please, note that when you have Microsoft Security Essentials (MSE) installed, Ad-Aware will be installed in compatible mode without real-time protection. You shouldn't turn on the real-time protection in Ad-Aware until you uninstall MSE, due to the risk of conflicts, e.g. if both programs discover a malicious file simultaneously, they will both try to move it to their quarantines and it's possible that none of them succeeds.

    In all tests from well-known test organisations, that I have seen, Ad-Aware has better results than MSE. My recommendation is to use Ad-Aware as the main antivirus program and then you can use an online scanner, e.g. from Microsoft or Eset, as a second opinion.

    2. You can use FRST to remove Babylon.

    Please, start Notepad.
    Copy all text that is in the box:


    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babyl...000001e101f2c0e
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

    and paste in Notepad. Check that no file names have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your answer.

     

    3. Please, uninstall Java and install the offline version available on https://www.java.com/en/download/manual.jsp

    0
  • Customer

    Hi CeciliaB,

     

    No, I didn't select Babylon. How do I remove it?

    My Java also has updating problems. It couldn't download the required stuff, it seems. It might be my internet connection problem, I am not sure.

    Here's the fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2013 02

    Ran by olddog at 2013-12-05 11:38:52 Run:1

    Running from C:\Users\olddog\Desktop

    Boot Mode: Normal


    ==============================================


    Content of fixlist:

    *****************

    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-12-04] (GFI Software)

    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)

    2013-12-04 03:32 - 2013-12-04 03:32 - 00000000 ____D C:\Program Files\Common Files\Lavasoft

    *****************


    gfibto => Service deleted successfully.

    Lbd => Service deleted successfully.

    C:\Program Files\Common Files\Lavasoft => Moved successfully.



    The system needs a manual reboot.


    ==== End of Fixlog ====

     

     

    Thanks

    0
  • Customer

    Sorry for replying late.

     

    1. Yes, it works finally. It is downloading smoothly.

     

    2.

    Content of fixlist:

    *****************

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babyl...000001e101f2c0e

    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

    URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File

    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e

    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116222&tt=4212_4&babsrc=SP_ss&mntrId=34f23331000000000000001e101f2c0e

    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx

    *****************


    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

    Default URLSearchHook was restored successfully .

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Value deleted successfully.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.

    HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.

    HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

    HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph => Key deleted successfully.

    "C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx" => File/Directory not found.


    ==== End of Fixlog ====

     

     

    Thanks a lot, CeceliaB. Much appreciated.

    0
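A way to triage a Fixlog like the two pasted above, as an added example that is not part of the original thread and not FRST's own code. It separates entries that were actually changed from entries that were already gone ("not found"), and assumes only the line shapes visible in this thread's logs; the status labels `changed`, `absent` and `review` are this example's own.

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the second Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx
*****************
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx" => File/Directory not found.
==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (requested fixlist entries, [(status, target, outcome)], reboot flag)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    stars = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(stars) < 2:
        raise ValueError("no fixlist section delimited by two rows of asterisks")
    requested = lines[stars[0] + 1:stars[1]]
    results, reboot = [], False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if "needs a manual reboot" in ln:
            reboot = True
            continue
        # Result lines read "<target> => <outcome>"; some carry no arrow at all.
        target, _, outcome = ln.rpartition(" => ")
        outcome = outcome.rstrip(" .")
        low = outcome.lower()
        status = "changed" if "successfully" in low else "absent" if "not found" in low else "review"
        results.append((status, target or outcome, outcome))
    return requested, results, reboot

def summarize(text):
    """Count results per status so anything unexpected stands out."""
    requested, results, reboot = parse_fixlog(text)
    return {"requested": len(requested), "counts": dict(Counter(r[0] for r in results)), "reboot": reboot}

if __name__ == "__main__":
    for status, target, outcome in parse_fixlog(SAMPLE_FIXLOG)[1]:
        print(f"{status:8} {target}  [{outcome}]")
    print(summarize(SAMPLE_FIXLOG))
```

Any line that lands in `review` matches neither pattern seen in this thread and is worth reading by hand before the fix is considered complete.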
  • Support

    You're welcome, starhive

     

    If you don't have any questions, it's time to uninstall FRST.

     

    Download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.

     

    If any logs remain on the computer you can delete them.

    0
  • Support

    Hi delacroix05,

     

    I have moved your post to its own topic: http://www.lavasoftsupport.com/index.php?/topic/33817-delacroix05-splitted-topic/

    0
