TechSpot

Freezing and then crash after first start-up

By Anatoliy
Apr 18, 2015
  1. Hi, everybody! Recently, something strange began to occur with my computer. Every morning, when I start up, my computer freezes and then crashes in 2-5 mins. However, after the second start-up, it works normally during the day. Avast detected no viruses. My FRST log is below. Any ideas/comments would be appreciated.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
    Ran by ANATOLII (administrator) on ANATOLII-PC on 18-04-2015 11:30:32
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Systweak) C:\Program Files\Right Backup\RBClientService.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
    () C:\Program Files\ATKOSD2\ATKOSD2.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files\Wireless Console 2\wcourier.exe
    () C:\Program Files\ATK Hotkey\ATKOSD.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    () C:\Windows\ASScrPro.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\ASScrProlog.exe [37232 2008-07-05] ()
    HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Google Update] => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-04] (Google Inc.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: G - G:\FIR.exe
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: H - H:\FIR.exe
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: {291acd35-aed5-11e0-b15f-001e8c24f077} - F:\FIR.exe
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\MountPoints2: {9d6f65a6-0514-11e2-be05-001e8c24f077} - H:\FIR.exe
    AppInit_DLLs: APSHook.dll => C:\Windows\system32\APSHook.dll [56832 2006-07-12] (Cognizance Corporation)
    Lsa: [Notification Packages] scecli ASWLNPkg
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F90101D9-2CB1-4B19-B3A5-644C661881D6} URL = http://websearch.ask.com/redirect?c...pn_sauid=7432B3C1-0468-4909-B3B5-53DEB3A1847B
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-15] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
    FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.118\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
    CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
    R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
    R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-15] (Avast Software)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-06-05] (Systweak)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
    R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-15] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-15] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-15] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-15] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-15] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-15] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-15] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-15] ()
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
    R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
    R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
    R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-15] (Avast Software)
    U3 a2yjj6vw; C:\Windows\system32\Drivers\a2yjj6vw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
    S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-04-18 11:30 - 2015-04-18 11:31 - 00022725 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
    2015-04-18 11:30 - 2015-04-18 11:30 - 00000000 ____D () C:\FRST
    2015-04-18 11:29 - 2015-04-18 11:29 - 01137152 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
    2015-04-18 10:37 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\Windows\system32\TBD2ABB.tmp
    2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
    2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-04-13 18:09 - 2015-04-17 15:19 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
    2015-04-03 20:51 - 2015-04-18 10:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
    2015-04-03 20:51 - 2015-04-17 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
    2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 __SHD () C:\found.001
    2015-03-22 21:16 - 2015-03-22 21:16 - 00000197 _____ () C:\Windows\system32\2015-03-22-13-16-36.052-AvastVBoxSVC.exe-1704.log
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-04-18 11:10 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
    2015-04-18 11:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-18 10:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-18 10:44 - 2008-07-05 04:08 - 01922725 _____ () C:\Windows\WindowsUpdate.log
    2015-04-18 10:27 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-18 10:27 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-18 10:24 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-18 10:24 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-18 10:24 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-18 10:14 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-18 00:09 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2015-04-18 00:09 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-17 18:59 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
    2015-04-17 17:27 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
    2015-04-17 15:36 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-17 09:58 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
    2015-04-16 11:49 - 2011-07-15 21:36 - 00202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
    2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
    2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
    2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
    2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
    2015-04-13 00:13 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
    2015-04-12 23:09 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
    2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-08 16:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
    2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
    2015-03-29 23:22 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
    2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
    2015-03-24 10:21 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
    2015-03-23 18:15 - 2013-10-09 14:00 - 00905012 _____ () C:\Windows\PFRO.log
    2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google
    2015-03-23 11:21 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
    2015-03-23 10:51 - 2011-12-20 15:17 - 00001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
    2015-03-22 23:54 - 2015-01-10 17:19 - 00000000 ____D () C:\Program Files\QuickTime
    2015-03-22 23:52 - 2011-08-04 03:44 - 00000000 ____D () C:\ProgramData\Apple Computer
    2015-03-22 23:50 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Google
    2015-03-22 23:22 - 2011-09-16 14:11 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
    2015-03-22 23:22 - 2011-09-16 14:09 - 00000000 ____D () C:\Program Files\DivX
    2015-03-22 23:22 - 2011-09-16 14:07 - 00000000 ____D () C:\ProgramData\DivX
    2015-03-22 23:18 - 2015-02-08 11:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-03-22 22:50 - 2011-08-04 03:40 - 00000000 ____D () C:\ProgramData\Apple
    2015-03-21 13:16 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
    ==================== Files in the root of some directories =======
    2011-12-20 15:17 - 2015-03-23 10:51 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
    2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
    Files to move or delete:
    ====================
    C:\Users\ANATOLII\iTunesSetup.exe

    Some content of TEMP:
    ====================
    C:\Users\ANATOLII\AppData\Local\Temp\DivXSetup.exe
    C:\Users\ANATOLII\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuo_wjy.dll
    C:\Users\ANATOLII\AppData\Local\Temp\lowproc.exe
    C:\Users\ANATOLII\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\ANATOLII\AppData\Local\Temp\stubhelper.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-04-18 10:44
    ==================== End Of Log ============================
     
  2. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    For completeness, my Addition.txt file is as follows:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
    Ran by ANATOLII at 2015-04-18 11:32:12
    Running from C:\Users\ANATOLII\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    1310 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    1310_Help (Version: 82.0.58.000 - Hewlett-Packard) Hidden
    1310Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
    ASUS Security Protect Manager (HKLM\...\{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}) (Version: 2.1.0.880.20 - ASUSTeK Computer Inc.)
    Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
    ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - ASUSTek Corporation)
    ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0014 - ATK)
    ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
    AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1 - AuthenTec, Inc.) Hidden
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Device Doctor Pro v2.2 (HKLM\...\Device Doctor Pro_is1) (Version: 2.2 - Device Doctor Software Inc.)
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
    DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4b - SEIKO EPSON CORPORATION)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Talk Plugin (HKLM\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
    K-Lite Codec Pack 3.7.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.7.5 - )
    LifeFrame2 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 2.0.20 - ASUS)
    MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
    MathType 6 (HKLM\...\DSMT6) (Version: 6.5 - Design Science, Inc.)
    MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    PC Cleaner (HKLM\...\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1) (Version: 2.1.1000.510 - Systweak Software)
    Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4245 - Systweak Software)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
    Systweak Support Dock (HKLM\...\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1) (Version: 1.2.100.15960 - Systweak Software)
    TeX Live 2012 (HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\TeXLive2012) (Version: 2012 - )
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VistaFeaturePack (HKLM\...\InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}) (Version: 1.03.0000 - CSR)
    VistaFeaturePack (Version: 1.03.0000 - CSR) Hidden
    VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
    WinRAR ???? (HKLM\...\WinRAR archiver) (Version: - )
    Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.8 - ATK)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    ==================== Restore Points =========================

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 18:23 - 2014-05-19 13:23 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 ui.skype.com
    204.9.163.158 127.0.0.1
    204.9.163.247 127.0.0.1

    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {02E4DE3F-2DF4-4282-B651-CAA66407AD1B} - System32\Tasks\{0D04A992-30CA-4C1B-97F4-71319097B755} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.107&LastError=404
    Task: {095ADCEB-ED49-4FF3-BE90-B281F291F6CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0F99FB19-C285-4452-B88E-B8BA078FA759} - System32\Tasks\{C58C2D42-7677-466E-AB20-2C877F9CFF88} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12029
    Task: {1038D9AD-F6AC-48F1-B67F-009A47104536} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {286F5505-92F7-47C9-B9F9-E1BD4B314648} - System32\Tasks\{146792C1-8D84-4D75-96DF-4DA43FE54695} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
    Task: {2A3ED748-210A-472E-971B-0BC00371050D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {2FDD58C8-0EF3-4849-A523-042070B9BF0F} - System32\Tasks\{628BFC40-98C0-4478-94EF-00E5B61C7F32} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
    Task: {32288CC7-AC65-47B3-A684-675A6DA720EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {3A9B3037-DFD5-4E81-B2C8-BE58C9727E80} - System32\Tasks\{84649C97-9B3D-48E2-A6D8-116C46D149E7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.59.104/en/abandoninstall?page=tsProgressBar
    Task: {3BB28295-9A61-470A-AC55-54B4D5FFC571} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {451A3482-A8DC-43EA-A5FE-616384C6A427} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
    Task: {4705B662-3AC3-482F-9519-94AB291466CC} - System32\Tasks\{6C4454BA-A22E-4974-BBEC-BB6D54780E0B} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
    Task: {4BE1C11F-E197-4421-8B11-7F1B3DE798FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {52363FF6-0295-4E1E-A97D-6C20FBD1EEBD} - System32\Tasks\rightbackup_162353 => C:\Program Files\Right Backup\RightBackup.exe [2014-06-05] (Systweak)
    Task: {5B298DB8-C342-4DA4-B68B-6B498F2A44CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {5DAA1915-E91E-4E3A-A9C1-D6CA3C0C845C} - System32\Tasks\{35FEE5DD-738E-490C-A599-50437C02B747} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
    Task: {5EF5B1FD-A3D7-4E85-A9D3-9A7BC2447874} - System32\Tasks\{46AF934A-CF9E-4639-BFF2-25B07A3BA544} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
    Task: {6382DDDD-8021-43B2-A417-1A66DD61E2AB} - System32\Tasks\{23F487CE-418E-4880-9A14-B49FBE0889CB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
    Task: {6B3CA9EA-B794-40F2-9A23-60D66950124C} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
    Task: {7149A954-577F-437E-9101-17F95ED4474F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {7189C44C-61AC-40F7-8E68-01348950EFBA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {71A1FDA1-8661-4639-A5E2-68F8BF5C53EB} - System32\Tasks\{231BE699-CCCE-4EE9-9CFB-1F52F9D8AA3B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/...r,google-chrome:notoffered;systemlevelpresent
    Task: {7D8EA2FF-A35D-4C73-9822-EC567D11690F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {83E61D55-E5FD-4CA2-861E-08A0D26FCE06} - System32\Tasks\{D40FC945-960E-41DB-9214-9E1A92660F7B} => Iexplore.exe http://ui.skype.com/ui/0/6.1.60.129/en/abandoninstall?page=tsProgressBar
    Task: {8BD83A1E-AAC1-4000-B3DE-38B2DE871AF2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8D35CAFD-4332-4D04-BD12-AF51785E161B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
    Task: {9F1905B8-1399-4914-AFA3-4AD298014EA4} - System32\Tasks\{F57096D9-2F05-4DCF-A33B-BE161304C2F7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {B301A368-5C6C-441F-AD02-D055E364173A} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-06-05] (Systweak)
    Task: {B78679EA-E097-4B66-B939-1842DF73EB74} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
    Task: {C462CBBB-BAC9-4B90-98B1-3E88BCE7EAB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
    Task: {D8424EB2-ABD2-45EF-8F14-F9D645906282} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
    Task: {EDFA5443-184B-4B34-B4CA-C650724A113F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {FDB5DD2F-4AFE-4063-893B-3F4997BA6A4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) ==============
    2008-07-05 04:59 - 2007-02-06 09:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    2008-07-05 05:00 - 2007-08-08 15:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    2015-04-17 18:38 - 2015-04-17 18:38 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041700\algo.dll
    2013-06-07 15:18 - 2013-04-15 11:49 - 00176128 _____ () C:\Windows\System32\HP1006LM.DLL
    2013-06-07 15:20 - 2013-04-15 11:49 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll
    2014-06-06 14:06 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2008-07-05 04:27 - 2007-05-14 19:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2008-07-05 05:21 - 2007-08-04 03:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2008-07-05 05:21 - 2007-09-15 01:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
    2008-07-05 05:21 - 2003-11-28 17:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
    2008-07-05 05:21 - 2005-08-30 06:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
    2008-07-05 05:21 - 2003-09-10 07:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
    2008-07-05 05:21 - 2006-04-05 01:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
    2008-07-05 05:21 - 2005-04-08 10:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2008-07-05 04:59 - 2004-05-28 09:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
    2008-07-05 05:00 - 2007-01-18 10:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
    2008-07-05 05:31 - 2006-12-21 14:03 - 01036288 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
    2008-07-05 04:59 - 2006-12-19 08:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
    2008-07-05 05:43 - 2008-07-05 05:43 - 00033136 _____ () C:\Windows\ASScrPro.exe
    2015-03-14 10:26 - 2015-03-14 10:26 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================
    Administrator (S-1-5-21-4154192477-2723174026-2473658507-500 - Administrator - Disabled)
    ANATOLII (S-1-5-21-4154192477-2723174026-2473658507-1000 - Administrator - Enabled) => C:\Users\ANATOLII
    Guest (S-1-5-21-4154192477-2723174026-2473658507-501 - Limited - Disabled)
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/18/2015 11:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
    process id 0xc8c, application start time 0xiexplore.exe0.
    Error: (04/18/2015 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program RightBackup.exe version 2.1.1000.4245 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: f84
    Start Time: 01d0797f15662593
    Termination Time: 162
    Error: (04/18/2015 10:41:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application Reader_sl.exe, version 10.1.8.24, time stamp 0x5225d47e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
    process id 0xf78, application start time 0xReader_sl.exe0.
    Error: (04/18/2015 10:41:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application ALU.exe, version 1.0.0.1, time stamp 0x474f8081, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0efa0800,
    process id 0xf2c, application start time 0xALU.exe0.
    Error: (04/18/2015 10:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application RacAgent.exe, version 6.0.6001.18000, time stamp 0x47918c14, faulting module RacEngn.dll, version 6.0.6002.18005, time stamp 0x49e037d8, exception code 0xc00000fd, fault offset 0x0000b001,
    process id 0x119c, application start time 0xRacAgent.exe0.
    Error: (04/18/2015 10:40:47 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll (1140) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 9641984 (0x0000000000932000) (database page wuaueng.dll0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 324394584975112 (0x0001270900012708) and the actual checksum was 6046174757795661542 (0x53e853e8805806e6). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
    Error: (04/18/2015 10:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
    process id 0x11dc, application start time 0xiexplore.exe0.
    Error: (04/18/2015 10:34:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Plus 2010 -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
    Error: (04/18/2015 10:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/18/2015 10:16:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 9.0.8112.16636, time stamp 0x54fe250f, faulting module MSHTML.dll, version 9.0.8112.16636, time stamp 0x54fe2734, exception code 0xc0000005, fault offset 0x00139a8c,
    process id 0x1038, application start time 0xiexplore.exe0.

    System errors:
    =============
    Error: (04/18/2015 10:44:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: 0x80070644Update for Microsoft Office 2010 (KB2956191) 32-Bit Edition{BBD2D7AF-BC83-43B8-9432-9820FE06779E}200
    Error: (04/18/2015 10:40:47 AM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    Error: (04/18/2015 10:29:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
    Description: 0x80070032
    Error: (04/18/2015 10:25:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (04/18/2015 10:24:25 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:18:37 AM on 4/18/2015 was unexpected.
    Error: (04/18/2015 10:22:33 AM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    Error: (04/18/2015 10:16:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
    Error: (04/18/2015 10:05:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
    Description: 0x80070032
    Error: (04/18/2015 10:04:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Windows Font Cache Service%%1053
    Error: (04/18/2015 10:04:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Windows Font Cache Service

    Microsoft Office Sessions:
    =========================
    Error: (04/18/2015 11:10:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8cc8c01d0798534f2b803
    Error: (04/18/2015 11:05:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: RightBackup.exe2.1.1000.4245f8401d0797f15662593162
    Error: (04/18/2015 10:41:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Reader_sl.exe10.1.8.245225d47eunknown0.0.0.000000000c000000500000000f7801d079811457b0e3
    Error: (04/18/2015 10:41:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: ALU.exe1.0.0.1474f8081unknown0.0.0.000000000c00000050efa0800f2c01d0797f159f4693
    Error: (04/18/2015 10:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: RacAgent.exe6.0.6001.1800047918c14RacEngn.dll6.0.6002.1800549e037d8c00000fd0000b001119c01d07980ea936653
    Error: (04/18/2015 10:40:47 AM) (Source: ESENT) (EventID: 474) (User: )
    Description: wuaueng.dll1140SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb9641984 (0x0000000000932000)4096 (0x00001000)-1018 (0xfffffc06)324394584975112 (0x0001270900012708)6046174757795661542 (0x53e853e8805806e6)2353 (0x931)
    Error: (04/18/2015 10:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8c11dc01d0798074856263
    Error: (04/18/2015 10:34:57 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
    Description: Product: Microsoft Office Professional Plus 2010 -- Error 1704. An installation for Microsoft .NET Framework 4.5.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)
    Error: (04/18/2015 10:25:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/18/2015 10:16:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe9.0.8112.1663654fe250fMSHTML.dll9.0.8112.1663654fe2734c000000500139a8c103801d0797cabcd8812

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-13 13:26:11.101
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:26:10.841
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:46.030
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:45.746
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:45.399
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:45.086
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:44.739
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:44.388
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:44.086
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-13 13:24:43.742
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
    Percentage of memory in use: 61%
    Total physical RAM: 2046.48 MB
    Available physical RAM: 791.87 MB
    Total Pagefile: 4337.94 MB
    Available Pagefile: 2736.56 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1877.48 MB
    ==================== Drives ================================
    Drive c: (VistaOS) (Fixed) (Total:74.52 GB) (Free:6.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:64.76 GB) (Free:7.56 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 169BC991)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
    Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=64.8 GB) - (Type=OF Extended)
    ==================== End Of Log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    There is some infection there.
    If it'll solve your startup issues we'll see.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Dear Broni,
    Thank you for your help. Today, there was no crash. At the same time, it seems to me that no serious threat has been detected after scanning. (But maybe I am wrong.) Please take a look at the content of all 4 log files below.
    Anatoliy

    RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : ANATOLII [Administrator]
    Started from : C:\Users\ANATOLII\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 04/19/2015 10:43:00
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 11 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} (C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll) -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} (C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ASUS Camera ScreenSaver : C:\Windows\ASScrProlog.exe [-] -> Deleted
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RBClientService (C:\Program Files\Right Backup\RBClientService.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RBClientService (C:\Program Files\Right Backup\RBClientService.exe) -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Not selected
    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E92911E7-C786-4834-BD3E-D20538F4D912} | NameServer : 163.28.112.1,163.28.113.1 [TAIWAN (TW)][TAIWAN (TW)] -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 5 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    [C:\Windows\System32\drivers\etc\hosts] ::1 localhost
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ui.skype.com
    [C:\Windows\System32\drivers\etc\hosts] 204.9.163.158 127.0.0.1
    [C:\Windows\System32\drivers\etc\hosts] 204.9.163.247 127.0.0.1
    ¤¤¤ Antirootkit : 10 (Driver: Loaded) ¤¤¤
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x866271f8
    [IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x866271f8
    [IAT:Addr(Hook.IEAT)] (iexplore.exe @ urlmon.dll) ole32.dll - CoGetClassObject : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612b9d60
    [IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash32_17_0_0_169.ocx) USER32.dll - TrackPopupMenu : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612a11c0
    [IAT:Addr(Hook.IEAT)] (iexplore.exe @ Flash32_17_0_0_169.ocx) WS2_32.dll - WSASocketW : C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll @ 0x612ba9a0
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
    --- User ---
    [MBR] e9384a71b21ca1a7ffddef23249ff86e
    [BSP] 96d8565462a3876302e70d1c27cf2634 : HP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 10000 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 76313 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 176771072 | Size: 66312 MB
    User = LL1 ... OK
    User = LL2 ... OK
    +++++ PhysicalDrive1: Generic-Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    ============================================
    RKreport_SCN_04192015_103809.log

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Protection, 4/19/2015 10:50:07 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Starting,
    Protection, 4/19/2015 10:50:08 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Started,
    Protection, 4/19/2015 10:50:08 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
    Update, 4/19/2015 10:50:24 AM, SYSTEM, ANATOLII-PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
    Update, 4/19/2015 10:50:24 AM, SYSTEM, ANATOLII-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
    Update, 4/19/2015 10:50:26 AM, SYSTEM, ANATOLII-PC, Manual, Malware Database, 2015.3.9.5, 2015.4.19.1,
    Protection, 4/19/2015 10:51:23 AM, SYSTEM, ANATOLII-PC, Protection, Refresh, Starting,
    Protection, 4/19/2015 10:51:26 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
    Protection, 4/19/2015 10:51:27 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 4/19/2015 10:51:27 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 4/19/2015 10:51:40 AM, SYSTEM, ANATOLII-PC, Protection, Refresh, Success,
    Protection, 4/19/2015 10:51:40 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
    Protection, 4/19/2015 10:51:41 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
    Scan, 4/19/2015 11:13:43 AM, SYSTEM, ANATOLII-PC, Manual, Start:4/19/2015 10:51:45 AM, Duration:21 min 16 sec, Threat Scan, Completed, 0 Malware Detections, 2 Non-Malware Detections,
    Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Starting,
    Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malware Protection, Started,
    Protection, 4/19/2015 11:17:58 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Starting,
    Protection, 4/19/2015 11:18:59 AM, SYSTEM, ANATOLII-PC, Protection, Malicious Website Protection, Started,
    (end)

    # AdwCleaner v4.201 - Logfile created 19/04/2015 at 11:34:49
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-18.3 [Server]
    # Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
    # Username : ANATOLII - ANATOLII-PC
    # Running from : C:\Users\ANATOLII\Desktop\adwcleaner_4.201.exe
    # Option : Cleaning
    ***** [ Services ] *****
    [#] Service Deleted : RBClientService
    [#] Service Deleted : YahooAUService
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\Systweak
    Folder Deleted : C:\ProgramData\Uniblue
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock
    Folder Deleted : C:\Program Files\Advanced System Protector
    Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
    Folder Deleted : C:\Program Files\PC Cleaner
    Folder Deleted : C:\Program Files\RegClean Pro
    Folder Deleted : C:\Program Files\Right Backup
    Folder Deleted : C:\Program Files\Systweak Support Dock
    Folder Deleted : C:\Program Files\DriverToolkit
    Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\ANATOLII\AppData\Local\PackageAware
    Folder Deleted : C:\Users\ANATOLII\AppData\Local\DriverToolkit
    Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\registry mechanic
    Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\rightbackup
    Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\Solvusoft
    Folder Deleted : C:\Users\ANATOLII\AppData\Roaming\Systweak
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\Right Backup.lnk
    File Deleted : C:\Windows\Reimage.ini
    File Deleted : C:\Windows\system32\roboot.exe
    File Deleted : C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Cleaner.lnk
    ***** [ Scheduled tasks ] *****
    Task Deleted : Right Backup_startup
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F90101D9-2CB1-4B19-B3A5-644C661881D6}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\distromatic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\Reimage
    Key Deleted : HKCU\Software\DriverToolkit
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Reimage
    Key Deleted : HKU\.DEFAULT\Software\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v9.0.8112.16636

    -\\ Mozilla Firefox v36.0.1 (x86 en-US)

    -\\ Google Chrome v42.0.2311.90
    [C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    *************************
    AdwCleaner[R0].txt - [7066 bytes] - [19/04/2015 11:32:50]
    AdwCleaner[S0].txt - [7149 bytes] - [19/04/2015 11:34:49]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7208 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.8 (04.17.2015:1)
    OS: Windows Vista (TM) Business x86
    Ran by ANATOLII on Sun 04/19/2015 at 12:05:14.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Tasks

    ~~~ Registry Values
    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ FireFox
    Emptied folder: C:\Users\ANATOLII\AppData\Roaming\mozilla\firefox\profiles\yj8tseze.default\minidumps [5 files]

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 04/19/2015 at 12:09:18.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    MBAM log is incorrect.
    You posted "protection" log instead of "scan" log.
     
  6. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Sorry, MBAM scan log is below. By the way, this morning the same happened: freezing and then crash in about 5 mins after start-up.

    Anatoliy

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 4/19/2015
    Scan Time: 10:51:45 AM
    Logfile: mbap_scan_log.txt
    Administrator: Yes
    Version: 2.01.4.1018
    Malware Database: v2015.04.19.01
    Rootkit Database: v2015.03.31.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: ANATOLII
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 312323
    Time Elapsed: 21 min, 16 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 1
    PUP.Optional.AlexaTB.A, HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\DISTROMATIC\Toolbars, Quarantined, [8ae392dce3a7b680995c2405da2b629e],
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 1
    PUP.Optional.Conduit.A, C:\Users\ANATOLII\AppData\Local\Temp\ct3288691\ism.exe, Quarantined, [016c323c0d7d9f97f5b85067fd043bc5],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Hmm, as I see it, the situation is becoming dangerous. During its run, ComboFix deleted 2 files, APSHook.dll and msvcr70.dll, and the folder \Windows\msdownld.tmp. After that, a message appeared: "Unable to create a backup of the current registry file": C:\Windows\System32\config\SECURITY and ...\SOFTWARE ... (and other files). After an attempt to "continue restoration of this file?" - "Access is denied".
    Before restart:
    "LogonUI.exe: this application has failed to start because MSVCR70.dll was not found".

    Now, I can work only in Safe Mode. My attempt to use System Restore failed - "No restore points have been created on your computer's system disk".

    ComboFix.txt is as follows.

    ComboFix 15-04-16.01 - ANATOLII 04/20/2015 14:17:47.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.934 [GMT 8:00]
    Running from: c:\users\ANATOLII\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msdownld.tmp
    c:\windows\System32\APSHook.dll
    c:\windows\System32\msvcr70.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-03-20 to 2015-04-20 )))))))))))))))))))))))))))))))
    .
    .
    2015-04-20 06:30 . 2015-04-20 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-04-19 04:05 . 2015-04-19 04:05 -------- d-----w- C:\RegBackup
    2015-04-19 03:32 . 2015-04-19 03:35 -------- d-----w- C:\AdwCleaner
    2015-04-19 02:50 . 2015-04-20 02:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-04-19 02:48 . 2015-03-16 22:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-04-19 02:48 . 2015-03-16 22:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-19 02:48 . 2015-04-19 02:48 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-04-19 02:48 . 2015-04-19 02:48 -------- d-----w- c:\programdata\Malwarebytes
    2015-04-19 02:48 . 2015-03-16 22:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-04-19 02:23 . 2015-04-19 04:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592AF26-CEC1-4577-A1BD-31157ED310A1}\offreg.dll
    2015-04-19 02:21 . 2015-04-19 02:21 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-04-19 02:21 . 2015-04-19 02:45 -------- d-----w- c:\programdata\RogueKiller
    2015-04-18 03:30 . 2015-04-18 03:32 -------- d-----w- C:\FRST
    2015-04-17 07:20 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4592AF26-CEC1-4577-A1BD-31157ED310A1}\mpengine.dll
    2015-04-17 01:58 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\system32\msxml3.dll
    2015-04-17 01:58 . 2015-03-05 02:24 297984 ----a-w- c:\windows\system32\gdi32.dll
    2015-04-17 01:56 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
    2015-04-17 01:56 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
    2015-04-17 01:54 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
    2015-04-17 01:54 . 2015-03-13 01:51 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2015-04-17 01:54 . 2015-03-13 01:51 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-04-16 00:49 . 2015-04-16 00:49 -------- d-----w- c:\program files\Common Files\Skype
    2015-04-16 00:49 . 2015-04-16 00:49 -------- d-----r- c:\program files\Skype
    2015-03-25 06:34 . 2015-03-25 06:34 18475704 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    2015-03-23 11:44 . 2006-11-02 09:45 44544 -c--a-w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Report1476f596\rundll32.exe
    2015-03-23 10:11 . 2015-03-23 10:11 -------- d-----w- C:\found.001
    2015-03-22 15:31 . 2015-03-23 11:52 -------- d-----w- c:\windows\Debug
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-04-15 02:01 . 2012-06-21 03:13 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-04-15 02:01 . 2011-07-21 08:23 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-03-09 22:57 . 2015-04-15 04:57 1129472 ----a-w- c:\windows\system32\wininet.dll
    2015-03-09 22:56 . 2015-04-15 04:57 421376 ----a-w- c:\windows\system32\vbscript.dll
    2015-03-06 04:01 . 2015-03-12 02:07 279040 ----a-w- c:\windows\system32\schannel.dll
    2015-02-26 00:18 . 2015-03-12 02:22 2064384 ----a-w- c:\windows\system32\win32k.sys
    2015-02-23 20:23 . 2011-07-15 13:21 246920 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-20 02:03 . 2015-03-12 02:10 34304 ----a-w- c:\windows\system32\atmlib.dll
    2015-02-20 00:28 . 2015-03-12 02:10 296960 ----a-w- c:\windows\system32\atmfd.dll
    2015-02-17 07:26 . 2015-02-17 07:26 1217184 ----a-w- c:\windows\system32\FM20.DLL
    2015-02-04 04:23 . 2015-02-04 04:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2015-01-29 01:35 . 2015-03-12 02:24 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2015-01-29 01:35 . 2015-03-12 02:23 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-01-21 02:02 . 2015-03-12 02:08 807936 ----a-w- c:\windows\system32\msctf.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-15 12:15 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-14 720064]
    "Device Doctor Pro"="c:\program files\Device Doctor Pro\DDProLauncher.exe" [2013-11-26 133744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-04 33136]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-30 5227648]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-11-30 295512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4154192477-2723174026-2473658507-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-04-17 12:48 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2011-08-08 06:13 114176 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 02:01]
    .
    2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 13:31]
    .
    2015-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-16 13:31]
    .
    2015-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
    - c:\users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-03 06:41]
    .
    2015-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
    - c:\users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-03 06:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.com.ua/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\
    FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
    FF - prefs.js: browser.search.selectedEngine - Google (avast)
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1 - c:\program files\Right Backup\unins000.exe
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-04-20 14:55
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2015-04-20 15:02:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-04-20 07:02
    .
    Pre-Run: 7,184,527,360 bytes free
    Post-Run: 10,810,093,568 bytes free
    .
    - - End Of File - - D424252446D927702807479EEDB192FE
    5C616939100B85E558DA92B899A0FC36
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DEQUARANTINE::
    C:\Qoobox\Quarantine\c\windows\System32\APSHook.dll.vir
    C:\Qoobox\Quarantine\c\windows\System32\msvcr70.dll.vir
    QUIT::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    See if you can start computer normally.
     
  10. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Actually, as I checked with Task Manager, Avast is not running in Safe Mode. However, when ComboFix started to run, it asked me to disable Avast. Now, when I right-click on the Avast tray icon, there is no "shield control" in the menu. What should I do now? ComboFix is waiting.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    In safe mode don't worry about disabling anything. Just run Combofix fix.
     
  12. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    I started Windows normally. However, a few minutes after that - freezing and crashing again. Combofix created no txt files, except for DeQuarantine.txt:

    :\Qoobox\Quarantine\c\windows\System32\APSHook.dll.vir -> c:\windows\System32\APSHook.dll ( 56832 bytes )
    C:\Qoobox\Quarantine\c\windows\System32\msvcr70.dll.vir -> c:\windows\System32\msvcr70.dll ( 339968 bytes )
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You may have some other issues, but let's finish the cleaning process.

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  14. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    As I see, Avast tried to block FRST. Nevertheless, scanning is complete. The FRST.txt is below. Addition.txt - in my next reply.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
    Ran by ANATOLII (administrator) on ANATOLII-PC on 21-04-2015 13:14:21
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
    () C:\Program Files\ATKOSD2\ATKOSD2.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files\Wireless Console 2\wcourier.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Program Files\ATK Hotkey\ATKOSD.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Windows\ASScrPro.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-01-15] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
    FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
    CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
    R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
    R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-15] (Avast Software)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
    R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-15] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-15] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2015-01-15] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-15] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-15] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-15] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2015-01-15] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-15] ()
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
    R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
    R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-21] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-15] (Avast Software)
    U3 anjb44g3; C:\Windows\system32\Drivers\anjb44g3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
    S3 catchme; \??\C:\Users\ANATOLII\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-04-21 13:14 - 2015-04-21 13:14 - 00021515 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
    2015-04-21 13:09 - 2015-04-18 11:29 - 01137152 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
    2015-04-21 13:04 - 2015-04-21 13:04 - 00000000 _____ () C:\Users\ANATOLII\Desktop\FRST.exe.5ap8il0.partial
    2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
    2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
    2015-04-20 17:13 - 2015-04-20 17:13 - 05301800 _____ (Dll-Files.com ) C:\Users\ANATOLII\Desktop\dff_fdp2-msvcr70.exe
    2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
    2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
    2015-04-20 13:29 - 2015-04-21 10:06 - 05619466 ____R (Swearware) C:\Users\ANATOLII\Desktop\ComboFix.exe
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
    2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
    2015-04-19 10:50 - 2015-04-21 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-19 10:48 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-19 10:48 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-19 10:32 - 2015-04-21 12:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
    2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-18 11:30 - 2015-04-21 13:14 - 00000000 ____D () C:\FRST
    2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
    2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
    2015-04-03 20:51 - 2015-04-21 12:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
    2015-04-03 20:51 - 2015-04-19 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
    2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001
    2015-03-22 21:16 - 2015-03-22 21:16 - 00000197 _____ () C:\Windows\system32\2015-03-22-13-16-36.052-AvastVBoxSVC.exe-1704.log
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-04-21 13:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-21 12:51 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-21 12:48 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
    2015-04-21 12:05 - 2008-07-05 04:08 - 01306860 _____ () C:\Windows\WindowsUpdate.log
    2015-04-21 11:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-21 11:40 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-21 11:38 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-21 11:36 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-21 11:17 - 2013-10-09 14:00 - 00907084 _____ () C:\Windows\PFRO.log
    2015-04-20 21:34 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
    2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
    2015-04-20 15:23 - 2011-12-20 15:17 - 00001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
    2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
    2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
    2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
    2015-04-20 14:40 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2015-04-20 14:40 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
    2015-04-20 12:51 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
    2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
    2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
    2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
    2015-04-16 11:49 - 2011-07-15 21:36 - 00202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
    2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
    2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
    2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
    2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
    2015-04-13 00:13 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
    2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-08 16:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
    2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
    2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
    2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
    2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google
    2015-03-22 23:54 - 2015-01-10 17:19 - 00000000 ____D () C:\Program Files\QuickTime
    2015-03-22 23:52 - 2011-08-04 03:44 - 00000000 ____D () C:\ProgramData\Apple Computer
    2015-03-22 23:50 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Google
    2015-03-22 23:22 - 2011-09-16 14:11 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
    2015-03-22 23:22 - 2011-09-16 14:09 - 00000000 ____D () C:\Program Files\DivX
    2015-03-22 23:22 - 2011-09-16 14:07 - 00000000 ____D () C:\ProgramData\DivX
    2015-03-22 23:18 - 2015-02-08 11:01 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-03-22 22:50 - 2011-08-04 03:40 - 00000000 ____D () C:\ProgramData\Apple
    ==================== Files in the root of some directories =======
    2011-12-20 15:17 - 2015-04-20 15:23 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
    2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
    Files to move or delete:
    ====================
    C:\Users\ANATOLII\iTunesSetup.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-04-21 11:44
    ==================== End Of Log ============================
     
  15. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
    Ran by ANATOLII at 2015-04-21 13:15:05
    Running from C:\Users\ANATOLII\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    1310 (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    1310_Help (Version: 82.0.58.000 - Hewlett-Packard) Hidden
    1310Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
    AIO_CDB_ProductContext (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Live Update (HKLM\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.6 - ASUS)
    ASUS Security Protect Manager (HKLM\...\{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}) (Version: 2.1.0.880.20 - ASUSTeK Computer Inc.)
    Asus_Camera_ScreenSaver (HKLM\...\Asus_Camera_ScreenSaver) (Version: 2.0.0006 - ASUS)
    ASUSDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - ASUSTek Corporation)
    ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
    ATK Hotkey (HKLM\...\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}) (Version: 1.00.0014 - ATK)
    ATKOSD2 (HKLM\...\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}) (Version: 6.64.1.4 - ATK)
    AuthenTec Fingerprint Sensor Minimum Install (Version: 7.8.1 - AuthenTec, Inc.) Hidden
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    BabasChess (HKLM\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Device Doctor Pro v2.2 (HKLM\...\Device Doctor Pro_is1) (Version: 2.2 - Device Doctor Software Inc.)
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
    DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4b - SEIKO EPSON CORPORATION)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Talk Plugin (HKLM\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
    JMB36X Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
    K-Lite Codec Pack 3.7.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 3.7.5 - )
    LifeFrame2 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 2.0.20 - ASUS)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    MarketResearch (Version: 82.0.174.000 - Hewlett-Packard) Hidden
    MathType 6 (HKLM\...\DSMT6) (Version: 6.5 - Design Science, Inc.)
    MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - )
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NB Probe (HKLM\...\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}) (Version: - )
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
    Power4Gear eXtreme (HKLM\...\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}) (Version: 1.00.0014 - ATK)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
    TeX Live 2012 (HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\TeXLive2012) (Version: 2012 - )
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VistaFeaturePack (HKLM\...\InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}) (Version: 1.03.0000 - CSR)
    VistaFeaturePack (Version: 1.03.0000 - CSR) Hidden
    VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version: - )
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    WinFlash (HKLM\...\{DE10AB76-4756-4913-BE25-55D1C1051F9A}) (Version: - )
    WinRAR ???? (HKLM\...\WinRAR archiver) (Version: - )
    Wireless Console 2 (HKLM\...\{83F73CB1-7705-49D1-9852-84D839CA2A45}) (Version: 2.0.8 - ATK)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    ==================== Restore Points =========================

    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 18:23 - 2015-04-20 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {02E4DE3F-2DF4-4282-B651-CAA66407AD1B} - System32\Tasks\{0D04A992-30CA-4C1B-97F4-71319097B755} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.107&amp;LastError=404
    Task: {095ADCEB-ED49-4FF3-BE90-B281F291F6CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {0F99FB19-C285-4452-B88E-B8BA078FA759} - System32\Tasks\{C58C2D42-7677-466E-AB20-2C877F9CFF88} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.16.0.105&amp;LastError=12029
    Task: {1038D9AD-F6AC-48F1-B67F-009A47104536} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {23B03320-5378-4098-A132-EFC544D0CE7A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {286F5505-92F7-47C9-B9F9-E1BD4B314648} - System32\Tasks\{146792C1-8D84-4D75-96DF-4DA43FE54695} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120&amp;LastError=404
    Task: {2FDD58C8-0EF3-4849-A523-042070B9BF0F} - System32\Tasks\{628BFC40-98C0-4478-94EF-00E5B61C7F32} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
    Task: {32288CC7-AC65-47B3-A684-675A6DA720EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
    Task: {3A9B3037-DFD5-4E81-B2C8-BE58C9727E80} - System32\Tasks\{84649C97-9B3D-48E2-A6D8-116C46D149E7} => Iexplore.exe http://ui.skype.com/ui/0/6.14.59.104/en/abandoninstall?page=tsProgressBar
    Task: {3BB28295-9A61-470A-AC55-54B4D5FFC571} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {451A3482-A8DC-43EA-A5FE-616384C6A427} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
    Task: {4705B662-3AC3-482F-9519-94AB291466CC} - System32\Tasks\{6C4454BA-A22E-4974-BBEC-BB6D54780E0B} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
    Task: {52363FF6-0295-4E1E-A97D-6C20FBD1EEBD} - System32\Tasks\rightbackup_162353 => C:\Program Files\Right Backup\RightBackup.exe
    Task: {5B298DB8-C342-4DA4-B68B-6B498F2A44CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {5DAA1915-E91E-4E3A-A9C1-D6CA3C0C845C} - System32\Tasks\{35FEE5DD-738E-490C-A599-50437C02B747} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120&amp;LastError=404
    Task: {5EF5B1FD-A3D7-4E85-A9D3-9A7BC2447874} - System32\Tasks\{46AF934A-CF9E-4639-BFF2-25B07A3BA544} => Iexplore.exe http://ui.skype.com/ui/0/6.14.60.104/en/abandoninstall?page=tsProgressBar
    Task: {6382DDDD-8021-43B2-A417-1A66DD61E2AB} - System32\Tasks\{23F487CE-418E-4880-9A14-B49FBE0889CB} => Iexplore.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
    Task: {6B3CA9EA-B794-40F2-9A23-60D66950124C} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-12-01] ()
    Task: {703502AE-BD7C-49E3-8A19-96DDC8047113} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {7149A954-577F-437E-9101-17F95ED4474F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {71A1FDA1-8661-4639-A5E2-68F8BF5C53EB} - System32\Tasks\{231BE699-CCCE-4EE9-9CFB-1F52F9D8AA3B} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/...r,google-chrome:notoffered;systemlevelpresent
    Task: {83E61D55-E5FD-4CA2-861E-08A0D26FCE06} - System32\Tasks\{D40FC945-960E-41DB-9214-9E1A92660F7B} => Iexplore.exe http://ui.skype.com/ui/0/6.1.60.129/en/abandoninstall?page=tsProgressBar
    Task: {8BD83A1E-AAC1-4000-B3DE-38B2DE871AF2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8D35CAFD-4332-4D04-BD12-AF51785E161B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
    Task: {8E2946D3-1D15-47FA-8A4F-5E371B0F0A0C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
    Task: {9F1905B8-1399-4914-AFA3-4AD298014EA4} - System32\Tasks\{F57096D9-2F05-4DCF-A33B-BE161304C2F7} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {A55FD5DF-7F2F-438D-ACF2-F6903EEF54DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {C462CBBB-BAC9-4B90-98B1-3E88BCE7EAB9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
    Task: {D8424EB2-ABD2-45EF-8F14-F9D645906282} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
    Task: {D940B59D-D73D-4BAD-8A5A-41ECB027D101} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {EDFA5443-184B-4B34-B4CA-C650724A113F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4154192477-2723174026-2473658507-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {FDB5DD2F-4AFE-4063-893B-3F4997BA6A4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job => C:\Users\ANATOLII\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) ==============
    2008-07-05 04:59 - 2007-02-06 09:13 - 00094208 _____ () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    2008-07-05 05:00 - 2007-08-08 15:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    2015-04-21 11:19 - 2015-04-21 11:19 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042000\algo.dll
    2015-01-15 20:14 - 2015-01-15 20:14 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll
    2015-01-15 20:14 - 2015-01-15 20:14 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll
    2015-01-15 20:14 - 2015-01-15 20:14 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2013-06-07 15:18 - 2013-04-15 11:49 - 00176128 _____ () C:\Windows\System32\HP1006LM.DLL
    2013-06-07 15:20 - 2013-04-15 11:49 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1006PP.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2011-07-15 18:18 - 2007-05-30 10:27 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll
    2008-07-05 05:18 - 2007-12-01 02:20 - 00051768 _____ () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    2008-07-05 04:59 - 2004-05-28 09:13 - 00057344 _____ () C:\Program Files\ATK Hotkey\CMSSC.dll
    2008-07-05 05:00 - 2007-01-18 10:26 - 07708672 _____ () C:\Program Files\ATKOSD2\ATKOSD2.exe
    2008-07-05 05:31 - 2006-12-21 14:03 - 01036288 _____ () C:\Program Files\Wireless Console 2\wcourier.exe
    2008-07-05 04:59 - 2006-12-19 08:26 - 02420736 _____ () C:\Program Files\ATK Hotkey\ATKOSD.exe
    2008-07-05 05:43 - 2008-07-05 05:43 - 00033136 _____ () C:\Windows\ASScrPro.exe
    2015-03-14 10:26 - 2015-03-14 10:26 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2008-07-05 04:27 - 2007-05-14 19:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2008-07-05 05:21 - 2007-08-04 03:24 - 00125496 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2008-07-05 05:21 - 2007-09-15 01:00 - 00147456 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdiskex.dll
    2008-07-05 05:21 - 2003-11-28 17:11 - 00135168 _____ () C:\Program Files\ASUS\NB Probe\SPM\spos.dll
    2008-07-05 05:21 - 2005-08-30 06:24 - 00081920 _____ () C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
    2008-07-05 05:21 - 2003-09-10 07:08 - 00049152 _____ () C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll
    2008-07-05 05:21 - 2006-04-05 01:24 - 00036864 _____ () C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
    2008-07-05 05:21 - 2005-04-08 10:25 - 00077824 _____ () C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
    2015-01-15 20:14 - 2015-01-15 20:14 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ANATOLII\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================
    Administrator (S-1-5-21-4154192477-2723174026-2473658507-500 - Administrator - Disabled)
    ANATOLII (S-1-5-21-4154192477-2723174026-2473658507-1000 - Administrator - Enabled) => C:\Users\ANATOLII
    Guest (S-1-5-21-4154192477-2723174026-2473658507-501 - Limited - Disabled)
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (04/21/2015 00:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application FRST.exe, version 15.4.2015.4, time stamp 0x552ead53, faulting module FRST.exe, version 15.4.2015.4, time stamp 0x552ead53, exception code 0xc0000005, fault offset 0x0001f09e,
    process id 0x1734, application start time 0xFRST.exe0.
    Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/21/2015 11:38:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/21/2015 11:23:31 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
    This is often caused by incorrect security settings in either the writer or requestor process.

    Operation:
    Gathering Writer Data
    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6c3d99e8-40e8-4eda-b1ec-8422d4607189}
    Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (04/21/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/21/2015 10:47:37 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = ComboFix created restore point; Hr = 0x8007043c).
    Error: (04/21/2015 10:47:37 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.

    Operation:
    Instantiating VSS server

    System errors:
    =============
    Error: (04/21/2015 11:42:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
    Description: 0x80070032
    Error: (04/21/2015 11:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Windows Search%%1053
    Error: (04/21/2015 11:38:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Windows Search
    Error: (04/21/2015 11:37:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (04/21/2015 11:35:48 AM) (Source: volsnap) (EventID: 27) (User: )
    Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
    Error: (04/21/2015 11:36:07 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:28:02 AM on 4/21/2015 was unexpected.
    Error: (04/21/2015 11:33:15 AM) (Source: volsnap) (EventID: 27) (User: )
    Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
    Error: (04/21/2015 11:33:14 AM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    Error: (04/21/2015 11:20:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
    Description: 0x8007041d
    Error: (04/21/2015 11:20:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
    Description: 0x80004005

    Microsoft Office Sessions:
    =========================
    Error: (04/21/2015 00:37:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: FRST.exe15.4.2015.4552ead53FRST.exe15.4.2015.4552ead53c00000050001f09e173401d07bec8a96c0d6
    Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (04/21/2015 11:38:54 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (04/21/2015 11:38:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/21/2015 11:23:31 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005
    Operation:
    Gathering Writer Data
    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6c3d99e8-40e8-4eda-b1ec-8422d4607189}
    Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (04/21/2015 11:21:10 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (04/21/2015 11:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
    Error: (04/21/2015 10:47:37 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
    Error: (04/21/2015 10:47:37 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c
    Operation:
    Instantiating VSS server

    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-21 13:15:00.384
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:15:00.135
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:59.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:59.573
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:59.136
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:58.871
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:58.621
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:58.309
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:36.220
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-04-21 13:14:35.970
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
    Percentage of memory in use: 64%
    Total physical RAM: 2046.48 MB
    Available physical RAM: 734.11 MB
    Total Pagefile: 4331.98 MB
    Available Pagefile: 2498.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1897.54 MB
    ==================== Drives ================================
    Drive c: (VistaOS) (Fixed) (Total:74.52 GB) (Free:7.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (DATA) (Fixed) (Total:64.76 GB) (Free:10.97 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 169BC991)
    Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
    Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=64.8 GB) - (Type=OF Extended)
    ==================== End Of Log ============================
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  17. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    This morning, my computer worked unstably. IE and then Chrome crashed all the time. I could not download fixlist.txt and had to use the emergency shutdown button. Now I have downloaded this file. However, Avast blocks FRST when I press Fix. Should I disable Avast?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yes.
     
  19. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
    Ran by ANATOLII at 2015-04-22 09:48:21 Run:1
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [Not Found]
    U3 anjb44g3; C:\Windows\system32\Drivers\anjb44g3.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
    C:\Windows\system32\Drivers\anjb44g3.sys
    S3 catchme; \??\C:\Users\ANATOLII\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\ANATOLII\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    2011-12-20 15:17 - 2015-04-20 15:23 - 0001356 _____ () C:\Users\ANATOLII\AppData\Local\d3d9caps.dat
    2011-07-15 21:36 - 2015-04-16 11:49 - 0202240 _____ () C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-08-12 04:40 - 2012-12-05 18:42 - 0002268 _____ () C:\ProgramData\hpzinstall.log
    C:\Users\ANATOLII\iTunesSetup.exe
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
    C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll not found.
    C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
    C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
    C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
    C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
    C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll not found.
    C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
    C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
    anjb44g3 => Service not found.
    "C:\Windows\system32\Drivers\anjb44g3.sys" => File/Directory not found.
    catchme => Service deleted successfully.
    cpuz134 => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    SymIMMP => Service deleted successfully.
    C:\Users\ANATOLII\AppData\Local\d3d9caps.dat => Moved successfully.
    C:\Users\ANATOLII\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\ProgramData\hpzinstall.log => Moved successfully.
    C:\Users\ANATOLII\iTunesSetup.exe => Moved successfully.
    C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.

    ==== End of Fixlog 09:48:21 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please re-run FRST scan one more time.
    I only need one log (FRST.txt).
     
  21. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
    Ran by ANATOLII (administrator) on ANATOLII-PC on 22-04-2015 10:27:48
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
    () C:\Program Files\ATKOSD2\ATKOSD2.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files\Wireless Console 2\wcourier.exe
    () C:\Program Files\ATK Hotkey\ATKOSD.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    () C:\Windows\ASScrPro.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-21] (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bookmark Manager) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
    CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
    CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
    R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
    R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-21] (Avast Software)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
    R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-21] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-21] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-21] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-21] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-21] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-21] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-21] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-21] ()
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
    R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
    R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-21] (Avast Software)
    U3 avle3its; C:\Windows\system32\Drivers\avle3its.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 10:27 - 2015-04-22 10:28 - 00020419 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
    2015-04-22 10:27 - 2015-04-22 10:27 - 01139200 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
    2015-04-22 09:12 - 2015-04-22 10:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\FRST-OlderVersion
    2015-04-22 09:10 - 2015-04-22 09:10 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (2).txt
    2015-04-22 09:02 - 2015-04-22 09:02 - 00000000 __SHD () C:\found.002
    2015-04-22 08:46 - 2015-04-22 08:46 - 00003447 _____ () C:\Users\ANATOLII\Downloads\7CF6.tmp
    2015-04-22 08:45 - 2015-04-22 08:45 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (1).txt
    2015-04-22 08:43 - 2015-04-22 08:43 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist.txt
    2015-04-21 17:17 - 2015-04-21 17:17 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-04-21 17:17 - 2015-04-21 17:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
    2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
    2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
    2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
    2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
    2015-04-19 10:50 - 2015-04-22 09:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-19 10:48 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-19 10:48 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-19 10:48 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-19 10:32 - 2015-04-22 09:51 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
    2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-18 11:30 - 2015-04-22 10:27 - 00000000 ____D () C:\FRST
    2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
    2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
    2015-04-03 20:51 - 2015-04-22 09:57 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
    2015-04-03 20:51 - 2015-04-21 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
    2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 10:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-22 09:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
    2015-04-22 09:56 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
    2015-04-22 09:48 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
    2015-04-22 09:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-22 09:43 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
    2015-04-22 09:11 - 2008-07-05 04:08 - 01333870 _____ () C:\Windows\WindowsUpdate.log
    2015-04-22 09:06 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-22 09:05 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-22 09:05 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-22 09:05 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-21 21:19 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-21 21:18 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2015-04-21 19:38 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
    2015-04-21 18:18 - 2013-10-09 14:00 - 00908424 _____ () C:\Windows\PFRO.log
    2015-04-21 18:18 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\spool
    2015-04-21 17:17 - 2014-04-28 15:47 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-04-21 17:16 - 2014-01-17 10:45 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
    2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
    2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
    2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
    2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
    2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
    2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
    2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
    2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
    2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
    2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
    2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
    2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
    2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
    2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
    2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
    2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-22 09:12

    ==================== End Of Log ============================
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK, something keeps creating those fake "zero" size files...

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  23. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Indeed, as I made sure earlier, a hidden (empty) FRST.exe file was created on my desktop.
    Fixlog is below.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
    Ran by ANATOLII at 2015-04-22 10:49:44 Run:2
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    U3 avle3its; C:\Windows\system32\Drivers\avle3its.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
    C:\Windows\system32\Drivers\avle3its.sys

    *****************

    C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll not found.
    C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll not found.
    C:\Windows\system32\Macromed\Flash\NPSWF32.dll not found.
    C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll not found.
    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll not found.
    C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
    C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
    C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll not found.
    C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
    C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
    C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
    C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll not found.
    avle3its => Service deleted successfully.
    Could not move "C:\Windows\system32\Drivers\avle3its.sys" => Scheduled to move on reboot.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-22 10:52:19)<=

    C:\Windows\system32\Drivers\avle3its.sys => Is moved successfully.

    ==== End of Fixlog 10:52:19 ====
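
A triage sketch for the zero-size pattern discussed in the posts above. This is an added example, not part of the thread and not FRST's own code. The two regular expressions are inferred from the line layouts visible in these logs, and the last sample line is constructed.

```python
import re

# Service/driver entry: "<state><start> <name>; <path> [<size> <date>] (<company>) <flags>"
SERVICE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s*(?P<date>\d{4}-\d{2}-\d{2})?\s*\]\s+"
    r"\((?P<company>[^)]*)\)(?P<rest>.*)$"
)
# File listing entry: "<created> - <modified> - <size> <attrs> (<company>) <path>"
LISTING = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Lines 1-7 are taken from the logs in this thread; the last line is CONSTRUCTED
# to show a zero-size hidden file in the listing format.
SAMPLE = r"""
R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
U3 avle3its; C:\Windows\system32\Drivers\avle3its.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-18 11:30 - 2015-04-22 10:27 - 00000000 ____D () C:\FRST
2015-04-22 10:40 - 2015-04-22 10:40 - 00000000 ____H () C:\Users\Example\Desktop\empty.exe
"""


def triage(log_text):
    """Return findings (dicts) for entries worth a second look, zero-size first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SERVICE.match(line)
        if m:
            reasons = []
            if int(m["size"]) == 0:
                reasons.append("zero-size")
            if "[File not signed]" in m["rest"]:
                reasons.append("unsigned")
            if not m["company"]:
                reasons.append("no-company")
            if reasons:
                findings.append({
                    "kind": "service",
                    "name": m["name"].strip(),
                    "path": m["path"],
                    "in_drivers_dir": "\\system32\\drivers\\" in m["path"].lower(),
                    "reasons": reasons,
                })
            continue

        m = LISTING.match(line)
        # Directories are always listed with size 0, so only plain files count.
        if m and int(m["size"]) == 0 and "D" not in m["attrs"]:
            reasons = ["zero-size"]
            if "H" in m["attrs"]:
                reasons.append("hidden")
            findings.append({
                "kind": "file",
                "name": m["path"].rsplit("\\", 1)[-1],
                "path": m["path"],
                "in_drivers_dir": "\\system32\\drivers\\" in m["path"].lower(),
                "reasons": reasons,
            })

    # Stable sort: zero-size entries move to the front, original order otherwise.
    findings.sort(key=lambda f: "zero-size" not in f["reasons"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['kind']:8} {','.join(f['reasons']):18} {f['path']}")
```

The output is a review list only; whether an unsigned or vendor-less entry is a problem still needs a human decision, since several legitimate OEM services in this log carry those markers.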
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK, re-run FRST scan one more time.
     
  25. Anatoliy

    Anatoliy TS Rookie Topic Starter Posts: 33

    Ready. FRST log is below.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
    Ran by ANATOLII (administrator) on ANATOLII-PC on 22-04-2015 11:28:14
    Running from C:\Users\ANATOLII\Desktop
    Loaded Profiles: ANATOLII (Available profiles: ANATOLII)
    Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
    () C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    () C:\Program Files\ATKOSD2\ATKOSD2.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files\Wireless Console 2\wcourier.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    () C:\Program Files\ATK Hotkey\ATKOSD.exe
    () C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    () C:\Windows\ASScrPro.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\ASScrPro.exe [33136 2008-07-05] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\...\Run: [Device Doctor Pro] => C:\Program Files\Device Doctor Pro\DDProLauncher.exe [133744 2013-11-26] (Device Doctor Software Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-21] (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4154192477-2723174026-2473658507-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.ua/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A54AA4E-04EB-43CB-A863-9818C7867182} URL = http://www.flickr.com/search/?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {0A569F7C-2438-44BB-A3C9-3B0D81EE4F5A} URL = http://delicious.com/search?p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {5EC95614-A7BC-4CBD-8721-3E4380481552} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-4154192477-2723174026-2473658507-1000 -> {F05D5B23-87AF-40C7-9013-BA72571D3042} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21] (Bioscrypt Inc.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-11-30] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-11-30] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @talk.google.com/O1DPlugin -> C:\Users\ANATOLII\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4154192477-2723174026-2473658507-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ANATOLII\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ANATOLII\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Users\ANATOLII\AppData\Roaming\Mozilla\Firefox\Profiles\yj8tseze.default\searchplugins\google-avast.xml [2015-01-21]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-05]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-17]
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-30]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (Skype Toolbars) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
    CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
    CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bookmark Manager) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
    CHR Extension: (Avast Online Security) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
    CHR Extension: (RealDownloader) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-18]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Google Wallet) - C:\Users\ANATOLII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASBroker; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
    R2 ASChannel; c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
    R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] () [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-21] (Avast Software)
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)
    R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-04] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-25] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-21] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-21] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-21] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-21] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-21] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-21] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-21] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-21] ()
    R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-17] (AuthenTec, Inc.)
    R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
    R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [72704 2007-11-26] (JMicron Technology Corp.)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [5632 2007-01-24] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-22] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1769984 2007-10-01] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2011-09-02] () [File not signed]
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-21] (Avast Software)
    U3 ai0m6f7f; C:\Windows\system32\Drivers\ai0m6f7f.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 11:28 - 2015-04-22 11:28 - 00020581 _____ () C:\Users\ANATOLII\Desktop\FRST.txt
    2015-04-22 10:27 - 2015-04-22 10:27 - 01139200 _____ (Farbar) C:\Users\ANATOLII\Desktop\FRST.exe
    2015-04-22 09:12 - 2015-04-22 10:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\FRST-OlderVersion
    2015-04-22 09:10 - 2015-04-22 09:10 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (2).txt
    2015-04-22 09:02 - 2015-04-22 09:02 - 00000000 __SHD () C:\found.002
    2015-04-22 08:46 - 2015-04-22 08:46 - 00003447 _____ () C:\Users\ANATOLII\Downloads\7CF6.tmp
    2015-04-22 08:45 - 2015-04-22 08:45 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist (1).txt
    2015-04-22 08:43 - 2015-04-22 08:43 - 00003447 _____ () C:\Users\ANATOLII\Downloads\fixlist.txt
    2015-04-21 17:17 - 2015-04-21 17:17 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-04-21 17:17 - 2015-04-21 17:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-21 10:48 - 2015-04-21 10:48 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00056832 _____ (Cognizance Corporation) C:\Windows\system32\APSHook.dll
    2015-04-21 10:48 - 2015-04-21 10:48 - 00000219 _____ () C:\DeQuarantine.txt
    2015-04-21 10:47 - 2015-04-21 10:48 - 00000000 ___SD () C:\ComboFix
    2015-04-20 14:12 - 2015-04-21 10:48 - 00000000 ____D () C:\Qoobox
    2015-04-20 14:12 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-04-20 14:12 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-04-20 14:12 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-04-20 14:11 - 2015-04-20 15:00 - 00000000 ____D () C:\Windows\erdnt
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ANATOLII-PC-Windows-Vista-(TM)-Business-(32-bit).dat
    2015-04-19 12:05 - 2015-04-19 12:05 - 00000000 ____D () C:\RegBackup
    2015-04-19 11:32 - 2015-04-19 11:35 - 00000000 ____D () C:\AdwCleaner
    2015-04-19 10:50 - 2015-04-22 10:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-04-22 09:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-04-19 10:48 - 2015-04-19 10:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-19 10:48 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-04-19 10:48 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-04-19 10:48 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-04-19 10:32 - 2015-04-22 11:01 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Repair
    2015-04-19 10:21 - 2015-04-19 10:45 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-04-19 10:21 - 2015-04-19 10:21 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-04-18 11:30 - 2015-04-22 11:28 - 00000000 ____D () C:\FRST
    2015-04-17 09:58 - 2015-03-09 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-17 09:58 - 2015-03-05 10:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-17 09:56 - 2015-03-05 10:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-17 09:56 - 2015-03-05 10:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-17 09:54 - 2015-03-14 10:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-17 09:54 - 2015-03-13 09:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-04-17 09:54 - 2015-03-13 09:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ___RD () C:\Program Files\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-16 08:49 - 2015-04-16 08:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-04-15 18:48 - 2015-04-16 15:07 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Colorado
    2015-04-15 12:57 - 2015-03-10 07:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-15 12:57 - 2015-03-10 07:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-15 12:57 - 2015-03-10 07:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-15 12:57 - 2015-03-10 07:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-15 12:57 - 2015-03-10 06:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-15 12:57 - 2015-03-10 06:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-04-15 12:57 - 2015-03-10 06:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-15 12:57 - 2015-03-10 06:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-04-15 12:57 - 2015-03-10 06:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-04-15 12:57 - 2015-03-10 06:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-04-13 18:09 - 2015-04-20 15:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\MDM
    2015-04-03 20:51 - 2015-04-22 10:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000UA.job
    2015-04-03 20:51 - 2015-04-21 20:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4154192477-2723174026-2473658507-1000Core.job
    2015-03-30 14:44 - 2015-03-30 14:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-23 18:11 - 2015-03-23 18:11 - 00000000 ____D () C:\found.001

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-22 11:25 - 2008-07-05 04:08 - 01339743 _____ () C:\Windows\WindowsUpdate.log
    2015-04-22 11:24 - 2014-01-21 11:09 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\CrashDumps
    2015-04-22 11:01 - 2012-06-21 11:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-22 10:52 - 2011-07-16 16:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-22 10:52 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-22 10:52 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-22 10:52 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-22 10:50 - 2008-07-05 04:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2015-04-22 10:50 - 2006-11-02 21:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-22 10:47 - 2011-07-16 16:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-22 10:34 - 2011-07-16 21:41 - 00000000 ____D () C:\Users\ANATOLII\Documents\BabasChess
    2015-04-22 09:57 - 2013-05-24 14:31 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Mozilla
    2015-04-22 09:56 - 2011-07-15 21:33 - 00000000 ____D () C:\Users\ANATOLII\Documents\Private3
    2015-04-22 09:48 - 2011-07-15 16:53 - 00000000 ____D () C:\Users\ANATOLII
    2015-04-21 18:18 - 2013-10-09 14:00 - 00908424 _____ () C:\Windows\PFRO.log
    2015-04-21 18:18 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\system32\spool
    2015-04-21 17:17 - 2014-04-28 15:47 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
    2015-04-21 17:17 - 2014-01-17 10:45 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-04-21 17:16 - 2014-01-17 10:45 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-04-21 11:18 - 2006-11-02 20:47 - 00436464 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-20 15:52 - 2014-04-17 13:37 - 00000000 ____D () C:\Users\ANATOLII\Desktop\New
    2015-04-20 15:08 - 2014-04-24 11:35 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Absorption problem
    2015-04-20 15:02 - 2006-11-02 19:18 - 00000000 ___RD () C:\Users\Public
    2015-04-20 14:53 - 2006-11-02 18:23 - 00000215 _____ () C:\Windows\system.ini
    2015-04-20 14:38 - 2014-03-16 20:52 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Skype
    2015-04-20 11:37 - 2014-05-30 17:26 - 00002337 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-20 10:04 - 2008-07-05 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-20 09:38 - 2006-11-02 18:33 - 00757474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-19 11:58 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-04-19 11:17 - 2006-11-02 19:18 - 00000000 ____D () C:\Windows\L2Schemas
    2015-04-19 09:56 - 2014-06-06 14:56 - 00000000 ____D () C:\Users\ANATOLII\AppData\Roaming\Device Doctor Pro
    2015-04-17 20:54 - 2013-05-17 11:43 - 00001938 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-16 17:04 - 2013-05-24 14:55 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Library 2006_2014
    2015-04-16 11:43 - 2011-07-15 21:28 - 00000000 ____D () C:\Users\ANATOLII\Documents\MATLAB
    2015-04-16 08:49 - 2011-07-16 16:33 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-16 08:49 - 2006-11-02 18:23 - 00000254 _____ () C:\Windows\win.ini
    2015-04-15 10:01 - 2012-06-21 11:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-04-15 10:01 - 2011-07-21 16:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-04-14 20:26 - 2014-12-03 19:27 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Giant permittivity paper
    2015-04-14 20:17 - 2012-01-30 16:40 - 00000000 ____D () C:\Users\ANATOLII\Documents\Outlook Files
    2015-04-13 00:13 - 2013-04-06 20:28 - 00000096 _____ () C:\Users\ANATOLII\psv.ini
    2015-04-11 09:40 - 2014-06-26 11:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-03 20:51 - 2011-07-16 16:34 - 00000000 ____D () C:\Users\ANATOLII\AppData\Local\Google
    2015-03-28 23:54 - 2015-01-19 11:20 - 00000000 ____D () C:\Users\ANATOLII\Desktop\Chess
    2015-03-23 20:56 - 2013-10-15 12:49 - 00000000 ____D () C:\Users\ANATOLII\Desktop\ENZ_3d OME12
    2015-03-23 18:15 - 2011-07-16 16:33 - 00000000 ____D () C:\Program Files\Google

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-22 10:58

    ==================== End Of Log ============================
     
