TechSpot

Friends W7 Ultimate VERY slow possible infected

By learninmypc
Jul 8, 2015
  1. I've disabled windows defender & there was no security programs on it so I installed Avast,M-bam, SpywareBlaster & SAS. Ran SAS & it removed ALOT of junk. Will find other scans below.
    "EDIT" Anything on here that is not legal, it needs to go.
     
    Last edited: Jul 8, 2015
  2. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
    Ran by Raphael's Dad at 2015-07-08 10:19:17
    Running from C:\Users\Raphael's Dad\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2314415000-3786125397-2692526694-500 - Administrator - Disabled)
    Guest (S-1-5-21-2314415000-3786125397-2692526694-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2314415000-3786125397-2692526694-1002 - Limited - Enabled)
    Raphael's Dad (S-1-5-21-2314415000-3786125397-2692526694-1000 - Administrator - Enabled) => C:\Users\Raphael's Dad

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AGEIA PhysX v7.09.13 (HKLM-x32\...\{45235788-142C-44BE-8A4D-DDE9A84492E5}) (Version: 7.09.13 - AGEIA Technologies, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    BitTorrent (HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-J4620DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
    Extended Update (HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner) <==== ATTENTION
    Scansoft PDF Professional (x32 Version: - ) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    08-07-2015 07:56:30 Windows Update
    08-07-2015 08:11:53 avast! antivirus system restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2F0D6876-BAAD-4855-947E-911991AEBE1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-20] (Google Inc.)
    Task: {3594EBE5-FEFC-442D-B3AA-39BFD51B3309} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {630680BB-6296-420E-8DD7-2BC329D4F0B6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-08] (Avast Software s.r.o.)
    Task: {8B18F8E6-51AF-4D21-B559-4BE3BCCBD7EB} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
    Task: {A6C3A0C5-4366-4190-9566-CF7BB7E3E5DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-20] (Google Inc.)
    Task: {DE8B455F-E223-4C09-8540-03F364A5D2D9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
    Task: {E6179D78-35CF-4A71-97AE-089DE843D220} - System32\Tasks\UpdaterEX => C:\Users\RAPHAE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\RAPHAE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-18 11:37 - 2005-04-21 21:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
    2015-07-08 08:17 - 2015-07-08 08:17 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-07-08 08:17 - 2015-07-08 08:17 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-07-08 08:31 - 2015-07-08 08:31 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070800\algo.dll
    2015-07-08 09:34 - 2015-07-08 09:34 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070801\algo.dll
    2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2015-03-18 11:36 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2015-07-08 08:17 - 2015-07-08 08:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\1001movie.com -> 1001movie.com

    There are 6091 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Raphael's Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1 - 74.40.74.40

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{12EAE27C-F344-4F6B-A431-7DFEEF3CDD14}] => (Allow) C:\Users\Raphael's Dad\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{AB7350C1-E06E-4EAD-BD74-397A757666E7}] => (Allow) C:\Users\Raphael's Dad\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{EA386918-4BF9-4C9E-8380-CBCB5FE91D24}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{5942E027-B9DB-4A4C-BBFA-48EB8B089F6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1ADBCBB0-65EE-40E7-AE39-56485DC7AF02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0DC2FED2-939E-4645-BFD1-B69E23432585}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6E6FAEC3-178F-4372-BCB9-C332DFC35B52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D5356CB6-05AD-46B2-B924-732943F644D1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{3A7C5CD2-5C68-414A-9F9C-AA6C2C1C045B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{BE70F675-D45A-4587-B635-3B981E6DA2E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{23ABA75F-3FFC-4F1F-8CD7-26942669D693}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Data Interface
    Description: Data Interface
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Data Interface
    Description: Data Interface
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/08/2015 09:34:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/08/2015 08:23:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (07/08/2015 08:12:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wqvfpmxd.

    System Error:
    The system cannot find the file specified.
    .

    Error: (07/08/2015 08:10:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (07/08/2015 07:58:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
    .

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2824

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2824

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2015 07:44:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1825

    Error: (07/08/2015 07:44:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1825


    System errors:
    =============
    Error: (07/08/2015 09:38:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (07/07/2015 08:15:06 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (07/07/2015 08:12:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (07/07/2015 06:51:02 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:56:21 PM on ‎7/‎6/‎2015 was unexpected.

    Error: (07/01/2015 10:35:48 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:23:52 PM on ‎6/‎21/‎2015 was unexpected.

    Error: (06/16/2015 11:57:00 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:23:46 PM on ‎6/‎14/‎2015 was unexpected.

    Error: (06/14/2015 09:08:55 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:06:59 PM on ‎6/‎14/‎2015 was unexpected.

    Error: (06/14/2015 05:34:30 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (06/14/2015 05:34:29 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (06/14/2015 05:34:29 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.


    Microsoft Office:
    =========================
    Error: (07/08/2015 09:34:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/08/2015 08:23:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/08/2015 08:12:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary wqvfpmxd.

    System Error:
    The system cannot find the file specified.

    Error: (07/08/2015 08:10:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/08/2015 07:58:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2824

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2824

    Error: (07/08/2015 07:44:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (07/08/2015 07:44:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1825

    Error: (07/08/2015 07:44:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1825


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
    Percentage of memory in use: 83%
    Total physical RAM: 2038.04 MB
    Available physical RAM: 340.91 MB
    Total Virtual: 4076.09 MB
    Available Virtual: 1638.66 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.53 GB) (Free:23.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (USB30FD) (Removable) (Total:58.45 GB) (Free:56.47 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 3B023B02)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 58.5 GB) (Disk ID: 18456D95)
    Partition 1: (Active) - (Size=58.5 GB) - (Type=0C)

    ==================== End of log ============================
     
  3. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
    Ran by Raphael's Dad (administrator) on RAPHAELSDAD-PC on 08-07-2015 10:17:53
    Running from C:\Users\Raphael's Dad\Desktop
    Loaded Profiles: Raphael's Dad (Available Profiles: Raphael's Dad)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (BitTorrent Inc.) C:\Users\Raphael's Dad\AppData\Roaming\BitTorrent\BitTorrent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-05-22] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-08] (Avast Software s.r.o.)
    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\Run: [BitTorrent] => C:\Users\Raphael's Dad\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-12] (BitTorrent Inc.)
    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\Run: [GoogleChromeAutoLaunch_745578EB1C23DB9C76C1EFA86D41776B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-06] (Google Inc.)
    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    Startup: C:\Users\Raphael's Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2015-03-28]
    ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-08] (Avast Software s.r.o.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2314415000-3786125397-2692526694-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000 -> DefaultScope {5674F06A-37D1-4610-8194-6641C3A9B2D4} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2314415000-3786125397-2692526694-1000 -> {5674F06A-37D1-4610-8194-6641C3A9B2D4} URL = https://www.google.com/search?q={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-08] (Avast Software s.r.o.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-08] (Avast Software s.r.o.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 74.40.74.40
    Tcpip\..\Interfaces\{314479DF-52C0-4887-B992-0E50C20E6D69}: [DhcpNameServer] 192.168.1.1 74.40.74.40

    FireFox:
    ========
    FF ProfilePath: C:\Users\Raphael's Dad\AppData\Roaming\Mozilla\Firefox\Profiles\j2dws978.default
    FF DefaultSearchEngine.US: Google
    FF Homepage: www.kirotv.com
    FF NetworkProxy: "type", 0
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Extension: WOT - C:\Users\Raphael's Dad\AppData\Roaming\Mozilla\Firefox\Profiles\j2dws978.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-08]
    FF Extension: Adblock Plus - C:\Users\Raphael's Dad\AppData\Roaming\Mozilla\Firefox\Profiles\j2dws978.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-08]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-08]

    Chrome:
    =======
    CHR Profile: C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-20]
    CHR Extension: (Google Docs) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-20]
    CHR Extension: (Google Drive) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-20]
    CHR Extension: (YouTube) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-20]
    CHR Extension: (Adblock Plus) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-08]
    CHR Extension: (Google Search) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-20]
    CHR Extension: (Google Sheets) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-20]
    CHR Extension: (Avast Online Security) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-08]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
    CHR Extension: (Skype Click to Call) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-11]
    CHR Extension: (Google Wallet) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-20]
    CHR Extension: (Gmail) - C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-20]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-08]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-08] (Avast Software s.r.o.)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-08] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-08] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-08] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-08] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-08] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-08] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-08] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-08] ()
    R3 bcm44amd64; C:\Windows\System32\DRIVERS\b44amd64.sys [87552 2009-06-10] (Broadcom Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-08 10:17 - 2015-07-08 10:18 - 00014637 _____ C:\Users\Raphael's Dad\Desktop\FRST.txt
    2015-07-08 10:16 - 2015-07-08 10:18 - 00000000 ____D C:\FRST
    2015-07-08 10:16 - 2015-07-08 10:16 - 02112512 _____ (Farbar) C:\Users\Raphael's Dad\Desktop\FRST64.exe
    2015-07-08 10:11 - 2015-07-08 10:11 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
    2015-07-08 10:11 - 2015-07-08 10:11 - 00002124 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
    2015-07-08 10:11 - 2015-07-08 10:11 - 00000000 ____D C:\Program Files (x86)\Belarc
    2015-07-08 10:00 - 2015-07-08 10:01 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-08 10:00 - 2015-07-08 10:00 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-08 10:00 - 2015-07-08 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-08 10:00 - 2015-07-08 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-07-08 10:00 - 2015-07-08 10:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-08 10:00 - 2015-06-18 09:27 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-08 10:00 - 2015-06-18 09:27 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-08 10:00 - 2015-06-18 09:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-08 09:56 - 2015-07-08 09:58 - 00000000 ____D C:\ProgramData\TEMP
    2015-07-08 09:56 - 2015-07-08 09:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-07-08 09:56 - 2015-07-08 09:56 - 00001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
    2015-07-08 09:56 - 2015-07-08 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2015-07-08 09:56 - 2015-07-08 09:56 - 00000000 ____D C:\ProgramData\Licenses
    2015-07-08 09:56 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
    2015-07-08 09:45 - 2015-07-08 09:52 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Local\Mozilla
    2015-07-08 09:45 - 2015-07-08 09:45 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\Mozilla
    2015-07-08 09:44 - 2015-07-08 09:44 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-07-08 09:44 - 2015-07-08 09:44 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-07-08 09:44 - 2015-07-08 09:44 - 00000000 ____D C:\ProgramData\Mozilla
    2015-07-08 09:44 - 2015-07-08 09:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-08 09:44 - 2015-07-08 09:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-08 09:06 - 2015-07-08 09:06 - 00000000 ____D C:\SUPERDelete
    2015-07-08 09:04 - 2015-07-08 09:04 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\SUPERAntiSpyware.com
    2015-07-08 09:03 - 2015-07-08 09:04 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-07-08 09:03 - 2015-07-08 09:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-07-08 09:03 - 2015-07-08 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-07-08 08:55 - 2015-07-08 08:57 - 22457640 _____ (SUPERAntiSpyware) C:\Users\Raphael's Dad\Desktop\SUPERAntiSpyware.exe
    2015-07-08 08:51 - 2015-07-08 08:53 - 24344040 _____ (Malwarebytes Corporation ) C:\Users\Raphael's Dad\Desktop\mbam-setup-techspot-2.1.8.1057.exe
    2015-07-08 08:25 - 2015-07-08 08:25 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\AVAST Software
    2015-07-08 08:22 - 2015-07-08 08:22 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-07-08 08:22 - 2015-07-08 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-07-08 08:21 - 2015-07-08 08:21 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-07-08 08:18 - 2015-07-08 08:21 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-07-08 08:18 - 2015-07-08 08:18 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2015-07-08 08:18 - 2015-07-08 08:18 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
    2015-07-08 08:18 - 2015-07-08 08:16 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-07-08 08:17 - 2015-07-08 08:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-07-08 08:14 - 2015-07-08 08:14 - 00000000 ____D C:\Program Files\AVAST Software
    2015-07-08 08:08 - 2015-07-08 08:09 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-07-08 07:57 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-07-08 07:57 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-07-08 07:57 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-07-08 07:57 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-07-08 07:57 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-07-08 07:57 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-07-08 07:57 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-07-08 07:57 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-07-08 07:57 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-07-08 07:57 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-07-08 07:56 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-07-08 07:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-07-08 07:56 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-07-08 07:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-06-21 11:42 - 2015-06-21 11:43 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Alone.S01E01.And.So.It.Begins.HDTV.x264-W4F[ettv]
    2015-06-12 15:14 - 2015-06-12 15:42 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Project Almanac (2014)
    2015-06-12 14:36 - 2015-06-12 15:10 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Time Lapse (2014)
    2015-06-12 12:59 - 2015-06-12 14:24 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Kurt Cobain Montage of Heck (2015) [1080p]
    2015-06-12 11:56 - 2015-06-12 12:02 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\The.Big.Bang.Theory.S08E23.HDTV.x264-LOL[ettv]
    2015-06-12 11:24 - 2015-06-12 11:38 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Get Hard (2015)
    2015-06-09 00:45 - 2015-06-09 01:06 - 00000000 ____D C:\Users\Raphael's Dad\Downloads\Run All Night (2015)

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-08 10:19 - 2014-10-30 08:34 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\BitTorrent
    2015-07-08 10:18 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-08 10:18 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-08 10:10 - 2014-11-19 19:10 - 00000314 _____ C:\Windows\Tasks\UpdaterEX.job
    2015-07-08 09:43 - 2014-10-29 21:28 - 00617470 _____ C:\Windows\WindowsUpdate.log
    2015-07-08 09:34 - 2014-11-20 16:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-08 09:33 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-08 09:33 - 2009-07-13 21:51 - 00038428 _____ C:\Windows\setupact.log
    2015-07-08 09:32 - 2010-11-20 20:47 - 00009004 _____ C:\Windows\PFRO.log
    2015-07-08 09:23 - 2014-11-20 16:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-08 08:10 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-08 07:48 - 2015-03-05 13:42 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\Skype
    2015-07-08 07:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-07-07 19:43 - 2014-10-31 14:08 - 00000000 ____D C:\Users\Raphael's Dad\AppData\Roaming\vlc
    2015-07-07 19:31 - 2014-11-20 16:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-14 17:26 - 2015-03-18 11:38 - 00013405 _____ C:\Windows\BRRBCOM.INI
    2015-06-13 14:23 - 2015-03-18 11:44 - 00000000 ____D C:\Users\Raphael's Dad\Documents\CE 2015 - Shiraz

    Some files in TEMP:
    ====================
    C:\Users\Raphael's Dad\AppData\Local\Temp\install_flash_player_ax.exe
    C:\Users\Raphael's Dad\AppData\Local\Temp\install_reader10_en_mssd_aaa_aih.exe
    C:\Users\Raphael's Dad\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aaa_aih[1].exe
    C:\Users\Raphael's Dad\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aaa_aih[1]_1.exe
    C:\Users\Raphael's Dad\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih[1].exe
    C:\Users\Raphael's Dad\AppData\Local\Temp\_isEB80.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-13 00:07

    ==================== End of log ============================
     
  4. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    With 2gb's of ram, its in the process downloading/installing 162MS updates.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    [​IMG] Uninstall following unwanted programs:

    Extended Update
    Pro PC Cleaner


    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    I went into Programs & Features to uninstall Extended Update
    Pro PC Cleaner but it said it may have already been removed.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's fine...go on.
     
  8. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    I'm doing Rogue Killer now.:)
     
  9. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    RK I believe has froze. It shows 82% is the scanning process & 40% under the scan button. Its been like that for at least 20 minutes.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Restart computer and try again.
     
  11. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Ok, doing that now.
     
  12. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Its installing 111 of 161 MS updates:eek:
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Keep it updating :)
     
  14. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Its at 123 of 161 now :)
     
  15. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    RogueKiller V10.9.0.0 [Jul 6 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Raphael's Dad [Administrator]
    Started from : C:\Users\Raphael's Dad\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 07/08/2015 21:46:03

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 6 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{314479DF-52C0-4887-B992-0E50C20E6D69} | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{314479DF-52C0-4887-B992-0E50C20E6D69} | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{314479DF-52C0-4887-B992-0E50C20E6D69} | DhcpNameServer : 192.168.1.1 74.40.74.40 ([-][UNITED STATES (US)]) -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] %WINDIR%\Tasks\UpdaterEX.job -- C:\Users\RAPHAE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Not selected
    [Suspicious.Path] \UpdaterEX -- C:\Users\RAPHAE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] j2dws978.default : user_pref("browser.startup.homepage", "www.kirotv.com"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST980813AS ATA Device +++++
    --- User ---
    [MBR] 676279a390965d7f5aa029d187fb178c
    [BSP] 213e3c41fc34ca15a27c929de95984ab : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: PNY USB 3.0 FD USB Device +++++
    --- User ---
    [MBR] 71e69a4e0fce107497b09ab1dff5a9b2
    [BSP] 61eaf76c2f1150b6e603d096fd0f7d40 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 59871 MB
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  16. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Error, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Update, Bad md5 or size: akadomains, 11,
    Error, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Update, Bad md5 or size: akaips, 11,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, Remediation Database, 2015.5.13.1, 2015.7.1.2,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.7.7.1,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, AKA IP Database, 0.0.0.0, 2015.7.8.3,
    Update, 7/8/2015 10:00 AM, SYSTEM, RAPHAELSDAD-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.7.8.2,
    Update, 7/8/2015 10:01 AM, SYSTEM, RAPHAELSDAD-PC, Manual, Malware Database, 2015.6.3.3, 2015.7.8.4,
    Error, 7/8/2015 12:09 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 12:09 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 12:09 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 12:26 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 12:26 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 12:26 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 2:13 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 2:13 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 2:13 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 2:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 2:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 2:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 8:43 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 8:43 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 8:43 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 8:51 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 8:51 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 8:51 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Error, 7/8/2015 8:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, IsLicensed, 13,
    Protection, 7/8/2015 8:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopping,
    Protection, 7/8/2015 8:57 PM, SYSTEM, RAPHAELSDAD-PC, Protection, Malware Protection, Stopped,
    Update, 7/8/2015 9:51 PM, SYSTEM, RAPHAELSDAD-PC, Manual, AKA Domain Database, 2015.7.8.2, 2015.7.9.1,
    Update, 7/8/2015 9:51 PM, SYSTEM, RAPHAELSDAD-PC, Manual, Malware Database, 2015.7.8.4, 2015.7.8.8,

    (end)
     
  17. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    # AdwCleaner v4.207 - Logfile created 09/07/2015 at 04:42:54
    # Updated 21/06/2015 by Xplode
    # Database : 2015-07-05.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Raphael's Dad - RAPHAELSDAD-PC
    # Running from : C:\Users\Raphael's Dad\Desktop\adwcleaner_4.207.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\END
    File Deleted : C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
    File Deleted : C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
    File Deleted : C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    File Deleted : C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

    ***** [ Scheduled tasks ] *****

    Task Deleted : UpdaterEX

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4270603C7CA6FEB45B61F4B6D10988D7
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v39.0 (x86 en-US)


    -\\ Google Chrome v43.0.2357.132


    *************************

    AdwCleaner[R0].txt - [2205 bytes] - [09/07/2015 04:39:56]
    AdwCleaner[S0].txt - [2107 bytes] - [09/07/2015 04:42:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2166 bytes] ##########
     
  18. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.3.8 (07.09.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by Raphael's Dad on Thu 07/09/2015 at 5:12:48.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_745578EB1C23DB9C76C1EFA86D41776B



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Users\Raphael's Dad\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
    Successfully deleted: [File] C:\Users\Raphael's Dad\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal



    ~~~ Folders



    ~~~ Chrome


    [C:\Users\Raphael's Dad\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Raphael's Dad\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Raphael's Dad\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Raphael's Dad\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 07/09/2015 at 5:21:39.72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    CORPUS.jpg
    That has been popping up the last few reboots. It was CORPUS where it now says HOMEWORK MACHINE.
    On the Google Chrome browser I've noticed Pirate Bay & a Torrent tab or two.
    In my opinion, if its not good, it should be gone. :)
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We'll work on it.

    MBAM log is incorrect.
    You posted "protection" log instead of "scan" log.
     
  21. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Will post correct log shortly.:)
     
  22. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/8/2015
    Scan Time: 9:52 PM
    Logfile: mbamtwo.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.07.08.08
    Rootkit Database: v2015.07.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Raphael's Dad

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336458
    Time Elapsed: 28 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 4
    PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, Quarantined, [eb6dd30c4545b77fff6b9af4cf353cc4],
    PUP.Optional.ProPCCleaner.C, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, Quarantined, [0b4d30af038713234525890552b2b947],
    PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}, Quarantined, [a5b3c8179af0de588d6165256c987888],
    PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\WOW6432NODE\PRO PC CLEANER\Pro PC Cleaner, Quarantined, [401807d8b3d7ce68a3f8840b43c1847c],

    Registry Values: 1
    PUP.Optional.ProPCCleaner.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}|DisplayName, Pro PC Cleaner, Quarantined, [a5b3c8179af0de588d6165256c987888]

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.UpdateProc.A, C:\Users\Raphael's Dad\AppData\Roaming\UpdaterEX\UpdateProc, Quarantined, [2e2a3ca3a4e6d165f91b3ac5748e6b95],
    PUP.Optional.UpdateProc.A, C:\Users\Raphael's Dad\AppData\Roaming\UpdaterEX, Quarantined, [2e2a3ca3a4e6d165f91b3ac5748e6b95],
    PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, Quarantined, [0355ae31f793c472d95531d117ec50b0],

    Files: 9
    Trojan.Agent, C:\oqnqso.exe, Quarantined, [4810904f7c0ecf671f7c0938c13fdf21],
    Trojan.Dropper, C:\haypsixd.exe, Quarantined, [2335716e3159fe38d7d176ef8d73fa06],
    PUP.Optional.UpdateProc.A, C:\Users\Raphael's Dad\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [2e2a3ca3a4e6d165f91b3ac5748e6b95],
    PUP.Optional.UpdateProc.A, C:\Users\Raphael's Dad\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [2e2a3ca3a4e6d165f91b3ac5748e6b95],
    PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, Quarantined, [0355ae31f793c472d95531d117ec50b0],
    PUP.Optional.Mindspark.A, C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_packagetracer.dl.tb.ask.com_0.localstorage, Quarantined, [88d06e71d8b238fe3edf73110ef6659b],
    PUP.Optional.Mindspark.A, C:\Users\Raphael's Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_packagetracer.dl.tb.ask.com_0.localstorage-journal, Quarantined, [40188d5245450d29f4292262b74da25e],
    PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Popup, Quarantined, [c7917d62dbaf0f271588f494f4101be5],
    PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Start, Quarantined, [5efaf0ef8703a690afee3f49ad571de3],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  24. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,593   +335

    ComboFix 15-07-08.01 - Raphael's Dad 07/09/2015 16:55:55.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1063 [GMT -7:00]
    Running from: c:\users\Raphael's Dad\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\C__Users_jophine_AppData_Local_Temp_ir_ext_temp_0_AutoPlay_Docs_Crack_HideIPEasy.exe
    c:\c__users_jophine_appdata_local_temp_ir_ext_temp_0_autoplay_docs_crack_hideipeasy.exe\UserFlag.ini
    C:\C__Users_jophine_AppData_Local_Temp_ir_ext_temp_1_AutoPlay_Docs_Crack_HideIPEasy.exe
    c:\c__users_jophine_appdata_local_temp_ir_ext_temp_1_autoplay_docs_crack_hideipeasy.exe\UserFlag.ini
    C:\C__Users_jophine_Downloads_Hide IP Easy v5.0.3.6 [h33t.com] Full_Crack_HideIPEasy.exe
    c:\c__users_jophine_downloads_hide ip easy v5.0.3.6 [h33t.com] full_crack_hideipeasy.exe\UserFlag.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-06-10 to 2015-07-10 )))))))))))))))))))))))))))))))
    .
    .
    2015-07-10 00:08 . 2015-07-10 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-07-09 12:58 . 2015-07-09 12:58 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2015-07-09 12:12 . 2015-07-09 12:12 -------- d-----w- C:\RegBackup
    2015-07-09 11:39 . 2015-07-09 11:43 -------- d-----w- C:\AdwCleaner
    2015-07-09 03:47 . 2015-07-09 03:47 -------- d-s---w- c:\windows\system32\CompatTel
    2015-07-09 03:47 . 2015-07-09 03:47 -------- d-----w- c:\windows\system32\appraiser
    2015-07-09 03:45 . 2015-07-09 03:58 -------- d-s---w- c:\windows\system32\GWX
    2015-07-09 03:45 . 2015-07-09 03:45 -------- d-s---w- c:\windows\SysWow64\GWX
    2015-07-09 03:45 . 2015-07-09 03:45 -------- d-----w- c:\windows\Migration
    2015-07-09 01:23 . 2015-07-09 01:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F4F882F-4650-47F4-B3C9-CC07F0425050}\offreg.4856.dll
    2015-07-09 00:10 . 2015-07-09 04:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-07-09 00:09 . 2015-07-09 01:19 -------- d-----w- c:\programdata\RogueKiller
    2015-07-08 23:13 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
    2015-07-08 23:13 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2015-07-08 22:14 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
    2015-07-08 22:14 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
    2015-07-08 22:14 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
    2015-07-08 22:14 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
    2015-07-08 22:14 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
    2015-07-08 22:14 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
    2015-07-08 22:14 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
    2015-07-08 22:11 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
    2015-07-08 22:11 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2015-07-08 22:06 . 2015-01-27 23:36 1239720 ----a-w- c:\windows\system32\aitstatic.exe
    2015-07-08 22:06 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
    2015-07-08 22:06 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
    2015-07-08 22:06 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
    2015-07-08 22:06 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
    2015-07-08 22:06 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
    2015-07-08 22:06 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
    2015-07-08 22:06 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
    2015-07-08 21:50 . 2015-02-03 03:29 8704 ----a-w- c:\windows\system32\pcaevts.dll
    2015-07-08 21:50 . 2015-02-03 03:28 2048 ----a-w- c:\windows\system32\mferror.dll
    2015-07-08 21:50 . 2015-02-03 03:09 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2015-07-08 21:49 . 2015-06-24 08:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F4F882F-4650-47F4-B3C9-CC07F0425050}\mpengine.dll
    2015-07-08 21:43 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
    2015-07-08 21:42 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
    2015-07-08 21:42 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
    2015-07-08 21:42 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
    2015-07-08 21:42 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
    2015-07-08 21:42 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
    2015-07-08 21:42 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
    2015-07-08 21:40 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2015-07-08 21:40 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2015-07-08 21:40 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2015-07-08 21:40 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2015-07-08 21:39 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2015-07-08 21:39 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2015-07-08 21:39 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-08 21:39 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-08 21:39 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-07-08 21:37 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2015-07-08 21:37 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2015-07-08 21:37 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2015-07-08 21:37 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
    2015-07-08 21:37 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2015-07-08 21:37 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2015-07-08 21:37 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2015-07-08 21:36 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2015-07-08 21:36 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2015-07-08 21:36 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
    2015-07-08 21:36 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2015-07-08 21:36 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2015-07-08 21:34 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
    2015-07-08 21:34 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2015-07-08 21:34 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2015-07-08 21:34 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2015-07-08 21:34 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
    2015-07-08 21:34 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-07-08 21:34 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2015-07-08 21:34 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2015-07-08 21:34 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
    2015-07-08 21:32 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2015-07-08 21:31 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2015-07-08 21:30 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2015-07-08 21:29 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2015-07-08 21:28 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
    2015-07-08 21:28 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2015-07-08 21:28 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2015-07-08 21:28 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
    2015-07-08 21:28 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
    2015-07-08 21:28 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2015-07-08 21:28 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
    2015-07-08 21:18 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2015-07-08 21:18 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2015-07-08 21:18 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2015-07-08 21:17 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2015-07-08 21:17 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2015-07-08 21:17 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2015-07-08 21:17 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-07-08 21:17 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-07-08 21:17 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-07-08 19:56 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2015-07-08 19:56 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2015-07-08 19:56 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2015-07-08 19:56 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2015-07-08 19:56 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2015-07-08 19:56 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2015-07-08 19:56 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2015-07-08 19:56 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
    2015-07-08 19:55 . 2015-01-30 23:56 459336 ----a-w- c:\windows\system32\drivers\cng.sys
    2015-07-08 19:54 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
    2015-07-08 19:54 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2015-07-08 19:54 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2015-07-08 19:52 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
    2015-07-08 19:52 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2015-07-08 19:52 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2015-07-08 19:52 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
    2015-07-08 19:52 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
    2015-07-08 19:52 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2015-07-08 19:49 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2015-07-08 19:49 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2015-07-08 19:49 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2015-07-08 19:49 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-07-08 19:49 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2015-07-08 19:49 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
    2015-07-08 19:49 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
    2015-07-08 19:49 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2015-07-08 19:49 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
    2015-07-08 19:49 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
    2015-07-08 19:47 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
    2015-07-08 19:47 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-07-08 19:47 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2015-07-08 19:47 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2015-07-08 19:47 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-23 20:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
    2015-05-25 18:01 . 2015-07-08 21:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\users\Raphael's Dad\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-05-12 1696104]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-02-26 31346784]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-02 46952]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-02 30568]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2014-05-23 139776]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2014-05-22 4513792]
    "BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-03-07 1944576]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-08 5515496]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    .
    c:\users\Raphael's Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
    S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys;c:\windows\SYSNATIVE\DRIVERS\b44amd64.sys [x]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-07-08 02:24 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-20 23:02]
    .
    2015-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-20 23:02]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-07-08 15:18 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 169768]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
    FF - ProfilePath - c:\users\Raphael's Dad\AppData\Roaming\Mozilla\Firefox\Profiles\j2dws978.default\
    FF - prefs.js: browser.startup.homepage - www.kirotv.com
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-07-09 17:16:43
    ComboFix-quarantined-files.txt 2015-07-10 00:16
    .
    Pre-Run: 18,657,140,736 bytes free
    Post-Run: 20,349,566,976 bytes free
    .
    - - End Of File - - AF26668C1F1A4A43F01C090AE5317417
    A36C5E4F47E84449FF07ED3517B43A31
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...