Solved Freezing and then crash after first start-up

Anatoliy

Hi, everybody! Recently, something strange began to occur with my computer. Every morning, when I start up, my computer freezes and then crashes in 2-5 mins. However, after the second start-up, it works normally during the day. Avast detected no viruses. My FRST log is below. Any ideas/comments would be appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by ANATOLII (administrator) on ANATOLII-PC on 18-04-2015 11:30:32
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Windows\ASScrPro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-05] ()
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Google Update] => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-04] (Google Inc.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: G - G:\FIR.exe
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: H - H:\FIR.exe
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: {291acd35-aed5-11e0-b15f-001e8c24f077} - F:\FIR.exe
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: {9d6f65a6-0514-11e2-be05-001e8c24f077} - H:\FIR.exe
AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [56832 2006-07-12] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F90101D9-2CB1-4B19-B3A5-644C661881D6} URL = http://websearch.ask.com/redirect?c...pn_sauid=7432B3C1-0468-4909-B3B5-53DEB3A1847B
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-15] (Avast Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-06-05] (Systweak)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-15] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-15] (Avast Software)
U3 a2yjj6vw; C:\Windows\system32\Drivers\a2yjj6vw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 11:30 - 2015-04-18 11:31 - 00022725 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
2015-04-18 11:30 - 2015-04-18 11:30 - 00000000 ____D () C:\FRST
2015-04-18 11:29 - 2015-04-18 11:29 - 01137152 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
2015-04-18 10:37 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\Windows\system32\TBD2ABB.tmp
2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 18:09 - 2015-04-17 15:19 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
2015-04-03 20:51 - 2015-04-18 10:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
2015-04-03 20:51 - 2015-04-17 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 __SHD () C:\found.001
2015-03-22 21:16 - 2015-03-22 21:16 - 00000197 _____ () C:\Windows\system32\2015-03-22-13-16-36.052-AvastVBoxSVC.exe-1704.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-18 11:10 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
2015-04-18 11:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-18 10:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-18 10:44 - 2008-07-05 04:08 - 01922725 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 10:27 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 10:27 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-18 10:24 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 10:24 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 10:24 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 10:14 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-18 00:09 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-18 00:09 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 18:59 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
2015-04-17 17:27 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
2015-04-17 15:36 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-17 09:58 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
2015-04-16 11:49 - 2011-07-15 21:36 - 00202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
2015-04-13 00:13 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
2015-04-12 23:09 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 16:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
2015-03-29 23:22 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
2015-03-24 10:21 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
2015-03-23 18:15 - 2013-10-09 14:00 - 00905012 _____ () C:\Windows\PFRO.log
2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google
2015-03-23 11:21 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
2015-03-23 10:51 - 2011-12-20 15:17 - 00001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
2015-03-22 23:54 - 2015-01-10 17:19 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-22 23:52 - 2011-08-04 03:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-22 23:50 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Google
2015-03-22 23:22 - 2011-09-16 14:11 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-03-22 23:22 - 2011-09-16 14:09 - 00000000 ____D () C:\Program Files\DivX
2015-03-22 23:22 - 2011-09-16 14:07 - 00000000 ____D () C:\ProgramData\DivX
2015-03-22 23:18 - 2015-02-08 11:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-22 22:50 - 2011-08-04 03:40 - 00000000 ____D () C:\ProgramData\Apple
2015-03-21 13:16 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
==================== Files in the root of some directories =======
2011-12-20 15:17 - 2015-03-23 10:51 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\ANATOLII\iTunesSetup.exe

Some content of TEMP:
====================
C:\Users\ANATOLII\AppData\Local\Temp\DivXSetup.exe
C:\Users\ANATOLII\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuo_wjy.dll
C:\Users\ANATOLII\AppData\Local\Temp\lowproc.exe
C:\Users\ANATOLII\AppData\Local\Temp\ReimagePackage.exe
C:\Users\ANATOLII\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-18 10:44
==================== End Of Log ============================
 
For completeness, my Addition.txt file is as follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by ANATOLII at 2015-04-18 11:32:12
Running from C:\Users\ANATOLII\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1310 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1310_Help (Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Security Protect Manager (HKLM\...\{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}) (Version: 2.1.0.880.20 - ASUSTeK Computer Inc.)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - ASUSTek Corporation)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0014 - ATK)
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Device Doctor Pro v2.2 (HKLM\...\Device Doctor Pro_is1) (Version: 2.2 - Device Doctor Software Inc.)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4b - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Talk Plugin (HKLM\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 3.7.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.7.5 - )
LifeFrame2 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 2.0.20 - ASUS)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
MathType 6 (HKLM\...\DSMT6) (Version: 6.5 - Design Science, Inc.)
MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PC Cleaner (HKLM\...\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1) (Version: 2.1.1000.510 - Systweak Software)
Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4245 - Systweak Software)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Systweak Support Dock (HKLM\...\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1) (Version: 1.2.100.15960 - Systweak Software)
TeX Live 2012 (HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\TeXLive2012) (Version: 2012 - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VistaFeaturePack (HKLM\...\InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}) (Version: 1.03.0000 - CSR)
VistaFeaturePack (Version: 1.03.0000 - CSR) Hidden
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR ???? (HKLM\...\WinRAR archiver) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.8 - ATK)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 18:23 - 2014-05-19 13:23 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 ui.skype.com
204.9.163.158 127.0.0.1
204.9.163.247 127.0.0.1

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02E4DE3F-2DF4-4282-B651-CAA66407AD1B} - System32\Tasks\{0D04A992-30CA-4C1B-97F4-71319097B755} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.107&LastError=404
Task: {095ADCEB-ED49-4FF3-BE90-B281F291F6CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0F99FB19-C285-4452-B88E-B8BA078FA759} - System32\Tasks\{C58C2D42-7677-466E-AB20-2C877F9CFF88} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12029
Task: {1038D9AD-F6AC-48F1-B67F-009A47104536} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {286F5505-92F7-47C9-B9F9-E1BD4B314648} - System32\Tasks\{146792C1-8D84-4D75-96DF-4DA43FE54695} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
Task: {2A3ED748-210A-472E-971B-0BC00371050D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2FDD58C8-0EF3-4849-A523-042070B9BF0F} - System32\Tasks\{628BFC40-98C0-4478-94EF-00E5B61C7F32} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {32288CC7-AC65-47B3-A684-675A6DA720EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {3A9B3037-DFD5-4E81-B2C8-BE58C9727E80} - System32\Tasks\{84649C97-9B3D-48E2-A6D8-116C46D149E7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.59.104/en/abandoninstall?page=tsProgressBar
Task: {3BB28295-9A61-470A-AC55-54B4D5FFC571} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {451A3482-A8DC-43EA-A5FE-616384C6A427} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {4705B662-3AC3-482F-9519-94AB291466CC} - System32\Tasks\{6C4454BA-A22E-4974-BBEC-BB6D54780E0B} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
Task: {4BE1C11F-E197-4421-8B11-7F1B3DE798FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {52363FF6-0295-4E1E-A97D-6C20FBD1EEBD} - System32\Tasks\rightbackup_162353 => C:\Program Files\Right Backup\RightBackup.exe [2014-06-05] (Systweak)
Task: {5B298DB8-C342-4DA4-B68B-6B498F2A44CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5DAA1915-E91E-4E3A-A9C1-D6CA3C0C845C} - System32\Tasks\{35FEE5DD-738E-490C-A599-50437C02B747} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
Task: {5EF5B1FD-A3D7-4E85-A9D3-9A7BC2447874} - System32\Tasks\{46AF934A-CF9E-4639-BFF2-25B07A3BA544} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
Task: {6382DDDD-8021-43B2-A417-1A66DD61E2AB} - System32\Tasks\{23F487CE-418E-4880-9A14-B49FBE0889CB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {6B3CA9EA-B794-40F2-9A23-60D66950124C} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {7149A954-577F-437E-9101-17F95ED4474F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7189C44C-61AC-40F7-8E68-01348950EFBA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71A1FDA1-8661-4639-A5E2-68F8BF5C53EB} - System32\Tasks\{231BE699-CCCE-4EE9-9CFB-1F52F9D8AA3B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/...r,google-chrome:notoffered;systemlevelpresent
Task: {7D8EA2FF-A35D-4C73-9822-EC567D11690F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {83E61D55-E5FD-4CA2-861E-08A0D26FCE06} - System32\Tasks\{D40FC945-960E-41DB-9214-9E1A92660F7B} => Iexplore.exe http://ui.skype.com/ui/0/6.1.60.129/en/abandoninstall?page=tsProgressBar
Task: {8BD83A1E-AAC1-4000-B3DE-38B2DE871AF2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8D35CAFD-4332-4D04-BD12-AF51785E161B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {9F1905B8-1399-4914-AFA3-4AD298014EA4} - System32\Tasks\{F57096D9-2F05-4DCF-A33B-BE161304C2F7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {B301A368-5C6C-441F-AD02-D055E364173A} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-06-05] (Systweak)
Task: {B78679EA-E097-4B66-B939-1842DF73EB74} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {C462CBBB-BAC9-4B90-98B1-3E88BCE7EAB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {D8424EB2-ABD2-45EF-8F14-F9D645906282} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
Task: {EDFA5443-184B-4B34-B4CA-C650724A113F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FDB5DD2F-4AFE-4063-893B-3F4997BA6A4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-07-05 04:59 - 2007-02-06 09:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-05 05:00 - 2007-08-08 15:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2015-04-17 18:38 - 2015-04-17 18:38 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041700\algo.dll
2013-06-07 15:18 - 2013-04-15 11:49 - 00176128 _____ () C:\Windows\System32\HP1006LM.DLL
2013-06-07 15:20 - 2013-04-15 11:49 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll
2014-06-06 14:06 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-07-05 04:27 - 2007-05-14 19:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-05 05:21 - 2007-08-04 03:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-05 05:21 - 2007-09-15 01:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-05 05:21 - 2003-11-28 17:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-05 05:21 - 2005-08-30 06:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-05 05:21 - 2003-09-10 07:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-05 05:21 - 2006-04-05 01:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-05 05:21 - 2005-04-08 10:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-07-05 04:59 - 2004-05-28 09:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-05 05:00 - 2007-01-18 10:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-05 05:31 - 2006-12-21 14:03 - 01036288 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-05 04:59 - 2006-12-19 08:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-05 05:43 - 2008-07-05 05:43 - 00033136 _____ () C:\Windows\ASScrPro.exe
2015-03-14 10:26 - 2015-03-14 10:26 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-4154192477-2723174026-2473658507-500 - Administrator - Disabled)
ANATOLII (S-1-5-21-4154192477-2723174026-2473658507-1000 - Administrator - Enabled) => C:\Users\ANATOLII
Guest (S-1-5-21-4154192477-2723174026-2473658507-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/18/2015 11:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
process id 0xc8c, application start time 0xiexplore.exe0.
Error: (04/18/2015 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RightBackup.exe version 2.1.1000.4245 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f84
Start Time: 01d0797f15662593
Termination Time: 162
Error: (04/18/2015 10:41:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Reader_sl.exe, version 10.1.8.24, time stamp 0x5225d47e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0xf78, application start time 0xReader_sl.exe0.
Error: (04/18/2015 10:41:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ALU.exe, version 1.0.0.1, time stamp 0x474f8081, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0efa0800,
process id 0xf2c, application start time 0xALU.exe0.
Error: (04/18/2015 10:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application RacAgent.exe, version 6.0.6001.18000, time stamp 0x47918c14, faulting module RacEngn.dll, version 6.0.6002.18005, time stamp 0x49e037d8, exception code 0xc00000fd, fault offset 0x0000b001,
process id 0x119c, application start time 0xRacAgent.exe0.
Error: (04/18/2015 10:40:47 AM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1140) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 9641984 (0x0000000000932000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 324394584975112 (0x0001270900012708) and the actual checksum was 6046174757795661542 (0x53e853e8805806e6). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (04/18/2015 10:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
process id 0x11dc, application start time 0xiexplore.exe0.
Error: (04/18/2015 10:34:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (04/18/2015 10:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2015 10:16:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
process id 0x1038, application start time 0xiexplore.exe0.

System errors:
=============
Error: (04/18/2015 10:44:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070644Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition{BBD2D7AF-BC83-43B8-9432-9820FE06779E}200
Error: (04/18/2015 10:40:47 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (04/18/2015 10:29:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x80070032
Error: (04/18/2015 10:25:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (04/18/2015 10:24:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:18:37 AM on 4/18/2015 was unexpected.
Error: (04/18/2015 10:22:33 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (04/18/2015 10:16:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (04/18/2015 10:05:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x80070032
Error: (04/18/2015 10:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Font Cache Service%%1053
Error: (04/18/2015 10:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Font Cache Service

Microsoft Office Sessions:
=========================
Error: (04/18/2015 11:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8cc8c01d0798534f2b803
Error: (04/18/2015 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RightBackup.exe2.1.1000.4245f8401d0797f15662593162
Error: (04/18/2015 10:41:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Reader_sl.exe10.1.8.245225d47eunknown0.0.0.000000000c000000500000000f7801d079811457b0e3
Error: (04/18/2015 10:41:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ALU.exe1.0.0.1474f8081unknown0.0.0.000000000c00000050efa0800f2c01d0797f159f4693
Error: (04/18/2015 10:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RacAgent.exe6.0.6001.1800047918c14RacEngn.dll6.0.6002.1800549e037d8c00000fd0000b001119c01d07980ea936653
Error: (04/18/2015 10:40:47 AM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll1140SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb9641984 (0x0000000000932000)4096 (0x00001000)-1018 (0xfffffc06)324394584975112 (0x0001270900012708)6046174757795661542 (0x53e853e8805806e6)2353 (0x931)
Error: (04/18/2015 10:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8c11dc01d0798074856263
Error: (04/18/2015 10:34:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)
Error: (04/18/2015 10:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/18/2015 10:16:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8c103801d0797cabcd8812

CodeIntegrity Errors:
===================================
Date: 2015-02-13 13:26:11.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:26:10.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:46.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:45.746
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:45.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:45.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:44.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:44.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:44.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-02-13 13:24:43.742
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 61%
Total physical RAM: 2046.48 MB
Available physical RAM: 791.87 MB
Total Pagefile: 4337.94 MB
Available Pagefile: 2736.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.48 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:74.52 GB) (Free:6.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:64.76 GB) (Free:7.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 169BC991)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=64.8 GB) - (Type=OF Extended)
==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

There is some infection there.
If it'll solve your startup issues we'll see.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Dear Broni,
Thank you for your help. Today, there was no crash. At the same time, it seems to me that no serious threat has been detected after scanning. (But maybe I am wrong.) Please take a look at the content of all 4 log files below.
Anatoliy

RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : ANATOLII [Administrator]
Started from : C:\Users\ANATOLII\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/19/2015 10:43:00
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} (C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll) -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} (C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ASUS Camera ScreenSaver : C:\Windows\ASScrProlog.exe [-] -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RBClientService (C:\Program Files\Right Backup\RBClientService.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RBClientService (C:\Program Files\Right Backup\RBClientService.exe) -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E92911E7-C786-4834-BD3E-D20538F4D912} | NameServer : 163.28.112.1,163.28.113.1 [TAIWAN (TW)][TAIWAN (TW)] -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ui.skype.com
[C:\Windows\System32\drivers\etc\hosts] 204.9.163.158 127.0.0.1
[C:\Windows\System32\drivers\etc\hosts] 204.9.163.247 127.0.0.1
¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x866271f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x866271f8
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) ole32.dll - CoGetClassObject : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612b9d60
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash32_17_0_0_169.ocx) USER32.dll - TrackPopupMenu : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612a11c0
[IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash32_17_0_0_169.ocx) WS2_32.dll - WSASocketW : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612ba9a0
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] e9384a71b21ca1a7ffddef23249ff86e
[BSP] 96d8565462a3876302e70d1c27cf2634 : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 76313 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 176771072 | Size: 66312 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic-Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_04192015_103809.log

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 4/19/2015 10:50:07 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Starting,
Protection, 4/19/2015 10:50:08 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Started,
Protection, 4/19/2015 10:50:08 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
Update, 4/19/2015 10:50:24 AM, SYSTEM, ANATOLII-PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
Update, 4/19/2015 10:50:24 AM, SYSTEM, ANATOLII-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
Update, 4/19/2015 10:50:26 AM, SYSTEM, ANATOLII-PC, Manual, Malware Database, 2015.3.9.5, 2015.4.19.1,
Protection, 4/19/2015 10:51:23 AM, SYSTEM, ANATOLII-PC, Protection, Refresh, Starting,
Protection, 4/19/2015 10:51:26 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
Protection, 4/19/2015 10:51:27 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Stopping,
Protection, 4/19/2015 10:51:27 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Stopped,
Protection, 4/19/2015 10:51:40 AM, SYSTEM, ANATOLII-PC, Protection, Refresh, Success,
Protection, 4/19/2015 10:51:40 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
Protection, 4/19/2015 10:51:41 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
Scan, 4/19/2015 11:13:43 AM, SYSTEM, ANATOLII-PC, Manual, Start:4/19/2015 10:51:45 AM, Duration:21 min 16 sec, Threat Scan, Completed, 0 Malware Detections, 2 Non-Malware Detections,
Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Starting,
Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Started,
Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
Protection, 4/19/2015 11:18:59 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
(end)

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 11:34:49
# Updated 08/04/2015 by Xplode
# Database : 2015-04-18.3 [Server]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : ANATOLII - ANATOLII-PC
# Running from : C:\Users\ANATOLII\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : RBClientService
[#] Service Deleted : YahooAUService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\PC Cleaner
Folder Deleted : C:\Program Files\RegClean Pro
Folder Deleted : C:\Program Files\Right Backup
Folder Deleted : C:\Program Files\Systweak Support Dock
Folder Deleted : C:\Program Files\DriverToolkit
Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak
Folder Deleted : C:\Users\ANATOLII\AppData\Local\PackageAware
Folder Deleted : C:\Users\ANATOLII\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\rightbackup
Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Right Backup.lnk
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Cleaner.lnk
***** [ Scheduled tasks ] *****
Task Deleted : Right Backup_startup
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F90101D9-2CB1-4B19-B3A5-644C661881D6}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKU\.DEFAULT\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16636

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

-\\ Google Chrome v42.0.2311.90
[C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [7066 bytes] - [19/04/2015 11:32:50]
AdwCleaner[S0].txt - [7149 bytes] - [19/04/2015 11:34:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7208 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows Vista (TM) Business x86
Ran by ANATOLII on Sun 04/19/2015 at 12:05:14.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Tasks

~~~ Registry Values
~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\ANATOLII\AppData\Roaming\mozilla\firefox\profiles\yj8tseze.default\minidumps [5 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/19/2015 at 12:09:18.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Sorry, MBAM scan log is below. By the way, this morning the same happened: freezing and then crash in about 5 mins after start-up.

Anatoliy

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/19/2015
Scan Time: 10:51:45 AM
Logfile: mbap_scan_log.txt
Administrator: Yes
Version: 2.01.4.1018
Malware Database: v2015.04.19.01
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: ANATOLII
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312323
Time Elapsed: 21 min, 16 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\DISTROMATIC\Toolbars, Quarantined, [8ae392dce3a7b680995c2405da2b629e],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\ANATOLII\AppData\Local\Temp\ct3288691\ism.exe, Quarantined, [016c323c0d7d9f97f5b85067fd043bc5],
Physical Sectors: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not click inside Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Hmm, as I see it, the situation is becoming dangerous. During its work, ComboFix deleted 2 files, APSHook.dll and msvcr70.dll, and the folder \Windows\msdownld.tmp. After that, an announcement appeared: "Unable to create a backup of the current registry file": C:\Windows\System32\config\SECURITY and ...\SOFTWARE ... (and other files). After an attempt to "continue restoration of this file?" - "Access is denied".
Before restart:
"LogonUI.exe: this application has failed to start because MSVCR70.dll was not found".

Now, I can work only in Safe Mode. My attempt to use System Restore failed - "No restore points have been created on your computer's system disk".

ComboFix.txt is as follows.

ComboFix 15-04-16.01 - ANATOLII 04/20/2015 14:17:47.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.934 [GMT 8:00]
Running from: c:\users\ANATOLII\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\System32\APSHook.dll
c:\windows\System32\msvcr70.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-03-20 to 2015-04-20 )))))))))))))))))))))))))))))))
.
.
2015-04-20 06:30 . 2015-04-20 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-19 04:05 . 2015-04-19 04:05 -------- d-----w- C:\RegBackup
2015-04-19 03:32 . 2015-04-19 03:35 -------- d-----w- C:\AdwCleaner
2015-04-19 02:50 . 2015-04-20 02:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-19 02:48 . 2015-03-16 22:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-19 02:48 . 2015-03-16 22:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-19 02:48 . 2015-04-19 02:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-19 02:48 . 2015-04-19 02:48 -------- d-----w- c:\programdata\Malwarebytes
2015-04-19 02:48 . 2015-03-16 22:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-19 02:23 . 2015-04-19 04:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592AF26-CEC1-4577-A1BD-31157ED310A1}\offreg.dll
2015-04-19 02:21 . 2015-04-19 02:21 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-19 02:21 . 2015-04-19 02:45 -------- d-----w- c:\programdata\RogueKiller
2015-04-18 03:30 . 2015-04-18 03:32 -------- d-----w- C:\FRST
2015-04-17 07:20 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592AF26-CEC1-4577-A1BD-31157ED310A1}\mpengine.dll
2015-04-17 01:58 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-04-17 01:58 . 2015-03-05 02:24 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-04-17 01:56 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-17 01:56 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-04-17 01:54 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-04-17 01:54 . 2015-03-13 01:51 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-17 01:54 . 2015-03-13 01:51 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-16 00:49 . 2015-04-16 00:49 -------- d-----w- c:\program files\Common Files\Skype
2015-04-16 00:49 . 2015-04-16 00:49 -------- d-----r- c:\program files\Skype
2015-03-25 06:34 . 2015-03-25 06:34 18475704 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2015-03-23 11:44 . 2006-11-02 09:45 44544 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report1476f596\rundll32.exe
2015-03-23 10:11 . 2015-03-23 10:11 -------- d-----w- C:\found.001
2015-03-22 15:31 . 2015-03-23 11:52 -------- d-----w- c:\windows\Debug
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 02:01 . 2012-06-21 03:13 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 02:01 . 2011-07-21 08:23 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-09 22:57 . 2015-04-15 04:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-03-09 22:56 . 2015-04-15 04:57 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-03-06 04:01 . 2015-03-12 02:07 279040 ----a-w- c:\windows\system32\schannel.dll
2015-02-26 00:18 . 2015-03-12 02:22 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-02-23 20:23 . 2011-07-15 13:21 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 02:03 . 2015-03-12 02:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 00:28 . 2015-03-12 02:10 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-02-17 07:26 . 2015-02-17 07:26 1217184 ----a-w- c:\windows\system32\FM20.DLL
2015-02-04 04:23 . 2015-02-04 04:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-01-29 01:35 . 2015-03-12 02:24 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-01-29 01:35 . 2015-03-12 02:23 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-01-21 02:02 . 2015-03-12 02:08 807936 ----a-w- c:\windows\system32\msctf.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-15 12:15 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-14 720064]
"Device Doctor Pro"="c:\program files\Device Doctor Pro\DDProLauncher.exe" [2013-11-26 133744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-04 33136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-11-30 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4154192477-2723174026-2473658507-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-17 12:48 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-08-08 06:13 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 02:01]
.
2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 13:31]
.
2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 13:31]
.
2015-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
- c:\users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-03 06:41]
.
2015-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
- c:\users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-03 06:41]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.ua/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1 - c:\program files\Right Backup\unins000.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-20 14:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2015-04-20 15:02:34 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-20 07:02
.
Pre-Run: 7,184,527,360 bytes free
Post-Run: 10,810,093,568 bytes free
.
- - End Of File - - D424252446D927702807479EEDB192FE
5C616939100B85E558DA92B899A0FC36
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
DEQUARANTINE::
C:\Qoobox\Quarantine\c\windows\System32\APSHook.dll.vir
C:\Qoobox\Quarantine\c\windows\System32\msvcr70.dll.vir
QUIT::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

See if you can start computer normally.
 
Actually, as I checked with Task Manager, Avast is not running in Safe Mode. However, when ComboFix started to run, it asked me to disable Avast. Now, when I right-click on the Avast tray icon, there is no "shield control" in the menu. What should I do now? ComboFix is waiting.
 
I started Windows normally. However, a few minutes after that - freezing and crashing again. Combofix created no txt files, except for DeQuarantine.txt:

:\Qoobox\Quarantine\c\windows\System32\APSHook.dll.vir -> c:\windows\System32\APSHook.dll ( 56832 bytes )
C:\Qoobox\Quarantine\c\windows\System32\msvcr70.dll.vir -> c:\windows\System32\msvcr70.dll ( 339968 bytes )
 
You may have some other issues, but let's finish the cleaning process.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
As I see, Avast tried to block FRST. Nevertheless, scanning is complete. The FRST.txt is below. Addition.txt - in my next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by ANATOLII (administrator) on ANATOLII-PC on 21-04-2015 13:14:21
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\ASScrPro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-15] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-15] (Avast Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-15] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-15] (Avast Software)
U3 anjb44g3; C:\Windows\system32\Drivers\anjb44g3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\Users\ANATOLII\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 13:14 - 2015-04-21 13:14 - 00021515 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
2015-04-21 13:09 - 2015-04-18 11:29 - 01137152 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
2015-04-21 13:04 - 2015-04-21 13:04 - 00000000 _____ () C:\Users\ANATOLII\Desktop\FRST.exe.5ap8il0.partial
2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
2015-04-20 17:13 - 2015-04-20 17:13 - 05301800 _____ (Dll-Files.com ) C:\Users\ANATOLII\Desktop\dff_fdp2-msvcr70.exe
2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-04-20 13:29 - 2015-04-21 10:06 - 05619466 ____R (Swearware) C:\Users\ANATOLII\Desktop\ComboFix.exe
2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
2015-04-19 10:50 - 2015-04-21 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-19 10:48 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-19 10:48 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-19 10:32 - 2015-04-21 12:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-18 11:30 - 2015-04-21 13:14 - 00000000 ____D () C:\FRST
2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
2015-04-03 20:51 - 2015-04-21 12:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
2015-04-03 20:51 - 2015-04-19 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001
2015-03-22 21:16 - 2015-03-22 21:16 - 00000197 _____ () C:\Windows\system32\2015-03-22-13-16-36.052-AvastVBoxSVC.exe-1704.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 13:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 12:51 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 12:48 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
2015-04-21 12:05 - 2008-07-05 04:08 - 01306860 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 11:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 11:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 11:38 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 11:36 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-21 11:17 - 2013-10-09 14:00 - 00907084 _____ () C:\Windows\PFRO.log
2015-04-20 21:34 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
2015-04-20 15:23 - 2011-12-20 15:17 - 00001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-20 14:40 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-20 14:40 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
2015-04-20 12:51 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
2015-04-16 11:49 - 2011-07-15 21:36 - 00202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
2015-04-13 00:13 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-08 16:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google
2015-03-22 23:54 - 2015-01-10 17:19 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-22 23:52 - 2011-08-04 03:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-22 23:50 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Google
2015-03-22 23:22 - 2011-09-16 14:11 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2015-03-22 23:22 - 2011-09-16 14:09 - 00000000 ____D () C:\Program Files\DivX
2015-03-22 23:22 - 2011-09-16 14:07 - 00000000 ____D () C:\ProgramData\DivX
2015-03-22 23:18 - 2015-02-08 11:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-22 22:50 - 2011-08-04 03:40 - 00000000 ____D () C:\ProgramData\Apple
==================== Files in the root of some directories =======
2011-12-20 15:17 - 2015-04-20 15:23 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\ANATOLII\iTunesSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-21 11:44
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by ANATOLII at 2015-04-21 13:15:05
Running from C:\Users\ANATOLII\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1310 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1310_Help (Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
ASUS Security Protect Manager (HKLM\...\{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}) (Version: 2.1.0.880.20 - ASUSTeK Computer Inc.)
Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - ASUSTek Corporation)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0014 - ATK)
ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Device Doctor Pro v2.2 (HKLM\...\Device Doctor Pro_is1) (Version: 2.2 - Device Doctor Software Inc.)
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4b - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Talk Plugin (HKLM\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 3.7.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.7.5 - )
LifeFrame2 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 2.0.20 - ASUS)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
MathType 6 (HKLM\...\DSMT6) (Version: 6.5 - Design Science, Inc.)
MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TeX Live 2012 (HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\TeXLive2012) (Version: 2012 - )
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VistaFeaturePack (HKLM\...\InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}) (Version: 1.03.0000 - CSR)
VistaFeaturePack (Version: 1.03.0000 - CSR) Hidden
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
WinRAR ???? (HKLM\...\WinRAR archiver) (Version: - )
Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.8 - ATK)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 18:23 - 2015-04-20 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02E4DE3F-2DF4-4282-B651-CAA66407AD1B} - System32\Tasks\{0D04A992-30CA-4C1B-97F4-71319097B755} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.107&amp;LastError=404
Task: {095ADCEB-ED49-4FF3-BE90-B281F291F6CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0F99FB19-C285-4452-B88E-B8BA078FA759} - System32\Tasks\{C58C2D42-7677-466E-AB20-2C877F9CFF88} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=12029
Task: {1038D9AD-F6AC-48F1-B67F-009A47104536} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {23B03320-5378-4098-A132-EFC544D0CE7A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {286F5505-92F7-47C9-B9F9-E1BD4B314648} - System32\Tasks\{146792C1-8D84-4D75-96DF-4DA43FE54695} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120&amp;LastError=404
Task: {2FDD58C8-0EF3-4849-A523-042070B9BF0F} - System32\Tasks\{628BFC40-98C0-4478-94EF-00E5B61C7F32} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {32288CC7-AC65-47B3-A684-675A6DA720EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {3A9B3037-DFD5-4E81-B2C8-BE58C9727E80} - System32\Tasks\{84649C97-9B3D-48E2-A6D8-116C46D149E7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.59.104/en/abandoninstall?page=tsProgressBar
Task: {3BB28295-9A61-470A-AC55-54B4D5FFC571} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {451A3482-A8DC-43EA-A5FE-616384C6A427} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {4705B662-3AC3-482F-9519-94AB291466CC} - System32\Tasks\{6C4454BA-A22E-4974-BBEC-BB6D54780E0B} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
Task: {52363FF6-0295-4E1E-A97D-6C20FBD1EEBD} - System32\Tasks\rightbackup_162353 => C:\Program Files\Right Backup\RightBackup.exe
Task: {5B298DB8-C342-4DA4-B68B-6B498F2A44CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5DAA1915-E91E-4E3A-A9C1-D6CA3C0C845C} - System32\Tasks\{35FEE5DD-738E-490C-A599-50437C02B747} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120&amp;LastError=404
Task: {5EF5B1FD-A3D7-4E85-A9D3-9A7BC2447874} - System32\Tasks\{46AF934A-CF9E-4639-BFF2-25B07A3BA544} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
Task: {6382DDDD-8021-43B2-A417-1A66DD61E2AB} - System32\Tasks\{23F487CE-418E-4880-9A14-B49FBE0889CB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {6B3CA9EA-B794-40F2-9A23-60D66950124C} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
Task: {703502AE-BD7C-49E3-8A19-96DDC8047113} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7149A954-577F-437E-9101-17F95ED4474F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {71A1FDA1-8661-4639-A5E2-68F8BF5C53EB} - System32\Tasks\{231BE699-CCCE-4EE9-9CFB-1F52F9D8AA3B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/...r,google-chrome:notoffered;systemlevelpresent
Task: {83E61D55-E5FD-4CA2-861E-08A0D26FCE06} - System32\Tasks\{D40FC945-960E-41DB-9214-9E1A92660F7B} => Iexplore.exe http://ui.skype.com/ui/0/6.1.60.129/en/abandoninstall?page=tsProgressBar
Task: {8BD83A1E-AAC1-4000-B3DE-38B2DE871AF2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8D35CAFD-4332-4D04-BD12-AF51785E161B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {8E2946D3-1D15-47FA-8A4F-5E371B0F0A0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {9F1905B8-1399-4914-AFA3-4AD298014EA4} - System32\Tasks\{F57096D9-2F05-4DCF-A33B-BE161304C2F7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {A55FD5DF-7F2F-438D-ACF2-F6903EEF54DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C462CBBB-BAC9-4B90-98B1-3E88BCE7EAB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {D8424EB2-ABD2-45EF-8F14-F9D645906282} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
Task: {D940B59D-D73D-4BAD-8A5A-41ECB027D101} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EDFA5443-184B-4B34-B4CA-C650724A113F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FDB5DD2F-4AFE-4063-893B-3F4997BA6A4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-07-05 04:59 - 2007-02-06 09:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
2008-07-05 05:00 - 2007-08-08 15:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2015-04-21 11:19 - 2015-04-21 11:19 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042000\algo.dll
2015-01-15 20:14 - 2015-01-15 20:14 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
2015-01-15 20:14 - 2015-01-15 20:14 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
2015-01-15 20:14 - 2015-01-15 20:14 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-06-07 15:18 - 2013-04-15 11:49 - 00176128 _____ () C:\Windows\System32\HP1006LM.DLL
2013-06-07 15:20 - 2013-04-15 11:49 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-07-15 18:18 - 2007-05-30 10:27 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
2008-07-05 05:18 - 2007-12-01 02:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2008-07-05 04:59 - 2004-05-28 09:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
2008-07-05 05:00 - 2007-01-18 10:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
2008-07-05 05:31 - 2006-12-21 14:03 - 01036288 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
2008-07-05 04:59 - 2006-12-19 08:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
2008-07-05 05:43 - 2008-07-05 05:43 - 00033136 _____ () C:\Windows\ASScrPro.exe
2015-03-14 10:26 - 2015-03-14 10:26 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-07-05 04:27 - 2007-05-14 19:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-05 05:21 - 2007-08-04 03:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2008-07-05 05:21 - 2007-09-15 01:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
2008-07-05 05:21 - 2003-11-28 17:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
2008-07-05 05:21 - 2005-08-30 06:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
2008-07-05 05:21 - 2003-09-10 07:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
2008-07-05 05:21 - 2006-04-05 01:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
2008-07-05 05:21 - 2005-04-08 10:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
2015-01-15 20:14 - 2015-01-15 20:14 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-4154192477-2723174026-2473658507-500 - Administrator - Disabled)
ANATOLII (S-1-5-21-4154192477-2723174026-2473658507-1000 - Administrator - Enabled) => C:\Users\ANATOLII
Guest (S-1-5-21-4154192477-2723174026-2473658507-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2015 00:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 15.4.2015.4, time stamp 0x552ead53, faulting module FRST.exe, version 15.4.2015.4, time stamp 0x552ead53, exception code 0xc0000005, fault offset 0x0001f09e,
process id 0x1734, application start time 0xFRST.exe0.
Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/21/2015 11:38:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2015 11:23:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6c3d99e8-40e8-4eda-b1ec-8422d4607189}
Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (04/21/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2015 10:47:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).
Error: (04/21/2015 10:47:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.

Operation:
Instantiating VSS server

System errors:
=============
Error: (04/21/2015 11:42:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x80070032
Error: (04/21/2015 11:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
Error: (04/21/2015 11:38:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
Error: (04/21/2015 11:37:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (04/21/2015 11:35:48 AM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
Error: (04/21/2015 11:36:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:02 AM on 4/21/2015 was unexpected.
Error: (04/21/2015 11:33:15 AM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
Error: (04/21/2015 11:33:14 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (04/21/2015 11:20:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: 0x8007041d
Error: (04/21/2015 11:20:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x80004005

Microsoft Office Sessions:
=========================
Error: (04/21/2015 00:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe15.4.2015.4552ead53FRST.exe15.4.2015.4552ead53c00000050001f09e173401d07bec8a96c0d6
Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (04/21/2015 11:38:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2015 11:23:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6c3d99e8-40e8-4eda-b1ec-8422d4607189}
Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
Error: (04/21/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2015 10:47:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
Error: (04/21/2015 10:47:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c
Operation:
Instantiating VSS server

CodeIntegrity Errors:
===================================
Date: 2015-04-21 13:15:00.384
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:15:00.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:59.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:59.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:59.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:58.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:58.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:58.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:36.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 13:14:35.970
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.48 MB
Available physical RAM: 734.11 MB
Total Pagefile: 4331.98 MB
Available Pagefile: 2498.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.54 MB
==================== Drives ================================
Drive c: (VistaOS) (Fixed) (Total:74.52 GB) (Free:7.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:64.76 GB) (Free:10.97 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 169BC991)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=64.8 GB) - (Type=OF Extended)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

This morning, my computer worked unstably. IE and then Chrome crashed all the time. I could not download fixlist.txt and had to use the emergency shutdown button. Now I have downloaded this file. However, Avast blocks FRST when I press Fix. Should I disable Avast?
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by ANATOLII at 2015-04-22 09:48:21 Run:1
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
U3 anjb44g3; C:\Windows\system32\Drivers\anjb44g3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\system32\Drivers\anjb44g3.sys
S3 catchme; \??\C:\Users\ANATOLII\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
2011-12-20 15:17 - 2015-04-20 15:23 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
C:\Users\ANATOLII\iTunesSetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll not found.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
anjb44g3 => Service not found.
"C:\Windows\system32\Drivers\anjb44g3.sys" => File/Directory not found.
catchme => Service deleted successfully.
cpuz134 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SymIMMP => Service deleted successfully.
C:\Users\ANATOLII\AppData\Local\d3d9caps.dat => Moved successfully.
C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\Users\ANATOLII\iTunesSetup.exe => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

==== End of Fixlog 09:48:21 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by ANATOLII (administrator) on ANATOLII-PC on 22-04-2015 10:27:48
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Windows\ASScrPro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-21] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-21] (Avast Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-21] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-21] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-21] (Avast Software)
U3 avle3its; C:\Windows\system32\Drivers\avle3its.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 10:27 - 2015-04-22 10:28 - 00020419 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
2015-04-22 10:27 - 2015-04-22 10:27 - 01139200 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
2015-04-22 09:12 - 2015-04-22 10:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\FRST-OlderVersion
2015-04-22 09:10 - 2015-04-22 09:10 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (2).txt
2015-04-22 09:02 - 2015-04-22 09:02 - 00000000 __SHD () C:\found.002
2015-04-22 08:46 - 2015-04-22 08:46 - 00003447 _____ () C:\Users\ANATOLII\Downloads\7CF6.tmp
2015-04-22 08:45 - 2015-04-22 08:45 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (1).txt
2015-04-22 08:43 - 2015-04-22 08:43 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist.txt
2015-04-21 17:17 - 2015-04-21 17:17 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-21 17:17 - 2015-04-21 17:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
2015-04-19 10:50 - 2015-04-22 09:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 10:48 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-19 10:48 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-19 10:48 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-19 10:32 - 2015-04-22 09:51 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-18 11:30 - 2015-04-22 10:27 - 00000000 ____D () C:\FRST
2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
2015-04-03 20:51 - 2015-04-22 09:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
2015-04-03 20:51 - 2015-04-21 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 10:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 09:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
2015-04-22 09:56 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
2015-04-22 09:48 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
2015-04-22 09:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 09:43 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
2015-04-22 09:11 - 2008-07-05 04:08 - 01333870 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 09:06 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 09:05 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 09:05 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 09:05 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 21:19 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 21:18 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-21 19:38 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
2015-04-21 18:18 - 2013-10-09 14:00 - 00908424 _____ () C:\Windows\PFRO.log
2015-04-21 18:18 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 17:17 - 2014-04-28 15:47 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-21 17:16 - 2014-01-17 10:45 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-22 09:12

==================== End Of Log ============================
 
OK, something keeps creating those fake "zero" size files...

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
Indeed, as I made sure earlier, a hidden (empty) FRST.exe file was created on my desktop.
Fixlog is below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by ANATOLII at 2015-04-22 10:49:44 Run:2
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
U3 avle3its; C:\Windows\system32\Drivers\avle3its.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\system32\Drivers\avle3its.sys

*****************

C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll not found.
C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll not found.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll not found.
avle3its => Service deleted successfully.
Could not move "C:\Windows\system32\Drivers\avle3its.sys" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-22 10:52:19)<=

C:\Windows\system32\Drivers\avle3its.sys => Is moved successfully.

==== End of Fixlog 10:52:19 ====
 
Ready. FRST log is below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by ANATOLII (administrator) on ANATOLII-PC on 22-04-2015 11:28:14
Running from C:\Users\ANATOLII\Desktop
Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Windows\ASScrPro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-21] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-21] (Avast Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-21] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-21] ()
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-21] (Avast Software)
U3 ai0m6f7f; C:\Windows\system32\Drivers\ai0m6f7f.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 11:28 - 2015-04-22 11:28 - 00020581 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
2015-04-22 10:27 - 2015-04-22 10:27 - 01139200 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
2015-04-22 09:12 - 2015-04-22 10:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\FRST-OlderVersion
2015-04-22 09:10 - 2015-04-22 09:10 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (2).txt
2015-04-22 09:02 - 2015-04-22 09:02 - 00000000 __SHD () C:\found.002
2015-04-22 08:46 - 2015-04-22 08:46 - 00003447 _____ () C:\Users\ANATOLII\Downloads\7CF6.tmp
2015-04-22 08:45 - 2015-04-22 08:45 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (1).txt
2015-04-22 08:43 - 2015-04-22 08:43 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist.txt
2015-04-21 17:17 - 2015-04-21 17:17 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-21 17:17 - 2015-04-21 17:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
2015-04-19 10:50 - 2015-04-22 10:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-19 10:48 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-19 10:48 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-19 10:48 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-19 10:32 - 2015-04-22 11:01 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-18 11:30 - 2015-04-22 11:28 - 00000000 ____D () C:\FRST
2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
2015-04-03 20:51 - 2015-04-22 10:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
2015-04-03 20:51 - 2015-04-21 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 11:25 - 2008-07-05 04:08 - 01339743 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 11:24 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
2015-04-22 11:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 10:52 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 10:52 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 10:52 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 10:52 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 10:50 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-04-22 10:50 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 10:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 10:34 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
2015-04-22 09:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
2015-04-22 09:56 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
2015-04-22 09:48 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
2015-04-21 18:18 - 2013-10-09 14:00 - 00908424 _____ () C:\Windows\PFRO.log
2015-04-21 18:18 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-21 17:17 - 2014-04-28 15:47 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-21 17:17 - 2014-01-17 10:45 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-21 17:16 - 2014-01-17 10:45 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-22 10:58

==================== End Of Log ============================
 