Solved My FUBAR

tomclark · May 14, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Tom (administrator) on TOM-PC on 14-05-2015 13:18:46
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Promise Technology INC) C:\Windows\SysWOW64\BeepApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\MountPoints2: {2bed5898-8de6-11e0-a2fb-0024e819d949} - J:\LaunchU3.exe -a
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\MountPoints2: {31b627d4-60f0-11e4-803e-0024e819d949} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> DefaultScope {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-24] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157
FF DefaultSearchEngine.US: Google
FF Homepage: https://flipboard.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-15]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-01] (Avast Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-03] (REALiX(tm))
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-05-01] (Avast Software)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 13:18 - 2015-05-14 13:19 - 00012956 _____ () C:\Users\Tom\Downloads\FRST.txt.txt
2015-05-14 13:18 - 2015-05-14 13:18 - 00000000 ____D () C:\FRST
2015-05-14 13:02 - 2015-05-14 13:02 - 02105856 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
2015-05-13 16:41 - 2015-05-14 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-13 16:41 - 2015-05-13 16:41 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-13 16:23 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-13 16:23 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-13 16:23 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-13 16:23 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-13 16:23 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 16:23 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 16:23 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 16:23 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 16:23 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 16:23 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 16:23 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:14 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 10:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:04 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:04 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-13 07:51 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:51 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:51 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:51 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:51 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:51 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:51 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:51 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 07:51 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 07:51 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 07:51 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 07:51 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 07:50 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:50 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:50 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:50 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:50 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:50 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 07:50 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 07:50 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 07:50 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 07:50 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 07:50 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 07:50 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 07:50 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 07:50 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-04 17:50 - 2015-05-04 17:51 - 00000368 _____ () C:\Users\Tom\Documents\cc_20150504_175057.reg
2015-05-04 17:47 - 2015-05-04 17:47 - 06484352 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup505.exe
2015-05-01 07:30 - 2015-05-01 07:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 07:30 - 2015-05-01 07:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-23 00:03 - 2015-04-23 00:03 - 00001328 _____ () C:\Users\Tom\Documents\cc_20150423_000314.reg
2015-04-21 19:48 - 2015-04-21 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-18 18:11 - 2015-04-18 18:11 - 00000420 _____ () C:\Users\Tom\Documents\cc_20150418_181114.reg
2015-04-15 10:34 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:34 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:33 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:33 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:33 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:33 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:33 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:33 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:33 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:33 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:33 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:33 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:33 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:33 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:23 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:23 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:23 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:22 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:22 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-04-14 02:26 - 2015-04-14 02:26 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-14 02:26 - 2015-04-14 02:26 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 12:48 - 2011-10-18 13:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 12:28 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 12:28 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 11:48 - 2011-10-18 13:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 07:40 - 2008-01-20 21:53 - 01197864 ____N () C:\Windows\WindowsUpdate.log
2015-05-13 16:42 - 2011-06-15 18:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-13 16:41 - 2012-06-14 17:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 16:41 - 2011-06-04 09:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 16:34 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 16:28 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 16:28 - 2006-11-02 11:21 - 00234888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 16:26 - 2011-05-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 16:26 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 16:24 - 2006-11-02 11:42 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 16:21 - 2014-10-02 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:16 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 10:04 - 2011-05-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 10:04 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-13 07:44 - 2015-03-24 22:24 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Tom
2015-05-13 07:44 - 2010-10-27 18:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
2015-05-13 07:37 - 2014-10-02 10:25 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-11 18:47 - 2015-02-03 23:21 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-06 18:23 - 2015-02-23 16:20 - 00000000 ____D () C:\Users\Tom\Desktop\Pics
2015-05-04 17:48 - 2014-10-02 13:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-01 07:30 - 2014-10-03 08:03 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-01 07:30 - 2014-10-03 08:00 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 07:30 - 2014-10-03 08:00 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 07:30 - 2011-06-15 19:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-24 16:05 - 2014-10-02 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-15 10:31 - 2014-10-02 14:50 - 00752894 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 04:35

==================== End Of Log ============================

tomclark · May 14, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Tom at 2015-05-14 13:19:28
Running from C:\Users\Tom\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3455538325-3860738269-3256896585-500 - Administrator - Disabled)
Guest (S-1-5-21-3455538325-3860738269-3256896585-501 - Limited - Disabled)
Tom (S-1-5-21-3455538325-3860738269-3256896585-1000 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D7F8784-001D-38D6-DCC6-5174D250C811}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Dropbox (HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hauppauge TV Tuner Driver (x32 Version: 2.1.26057 - Hauppauge Computer Works) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
KeePass Password Safe 1.19b (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.19b - Dominik Reichl)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

21-04-2015 07:37:00 Windows Update
22-04-2015 00:00:00 Scheduled Checkpoint
23-04-2015 01:02:14 Scheduled Checkpoint
24-04-2015 00:00:00 Scheduled Checkpoint
24-04-2015 18:46:01 Scheduled Checkpoint
26-04-2015 00:00:01 Scheduled Checkpoint
27-04-2015 09:20:15 Scheduled Checkpoint
28-04-2015 00:00:00 Scheduled Checkpoint
28-04-2015 06:34:02 Windows Update
29-04-2015 08:55:19 Scheduled Checkpoint
30-04-2015 00:00:00 Scheduled Checkpoint
01-05-2015 07:29:31 avast! antivirus system restore point
02-05-2015 00:00:00 Scheduled Checkpoint
03-05-2015 00:00:00 Scheduled Checkpoint
04-05-2015 09:33:45 Scheduled Checkpoint
05-05-2015 00:00:00 Scheduled Checkpoint
05-05-2015 02:25:28 Windows Update
05-05-2015 19:13:32 Scheduled Checkpoint
06-05-2015 19:53:10 Scheduled Checkpoint
07-05-2015 09:19:01 Scheduled Checkpoint
08-05-2015 00:00:00 Scheduled Checkpoint
08-05-2015 02:26:26 Windows Update
09-05-2015 08:55:46 Scheduled Checkpoint
10-05-2015 08:53:49 Scheduled Checkpoint
11-05-2015 00:00:00 Scheduled Checkpoint
11-05-2015 19:34:16 Scheduled Checkpoint
12-05-2015 08:02:23 Windows Update
13-05-2015 09:15:05 Scheduled Checkpoint
13-05-2015 10:03:04 Windows Update
14-05-2015 00:00:00 Scheduled Checkpoint
14-05-2015 03:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2012-03-20 10:46 - 00427011 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00F8BA34-BB22-478B-9001-02E926F2103B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {06811054-C2F8-4AD3-9D10-7268E1A0A781} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {0A71E32B-FF71-4281-85A2-92F0609256D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {1F7A3312-998E-4E4D-BFA2-82A9AB99D98E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {276173D9-E46B-4991-AE6D-5149592BB073} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {282D1BEB-D5A1-4CBA-A8A0-EBDF4CBCE2DB} - System32\Tasks\Uninstaller_SkipUac_Tom => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {2AE73E10-53B2-4439-AB31-69CE5F501635} - System32\Tasks\ASC8_SkipUac_Tom => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {5B689E22-0E70-4499-A720-CC1E31ADA713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {CE56ADDE-9BA9-4B24-AC0B-A13C0421619F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FBDDED8F-2C5C-4D88-9A5A-5097C8DC8439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-03-16 03:47 - 2009-03-16 03:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2010-10-26 15:54 - 2009-06-14 22:11 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2008-11-18 16:25 - 2008-11-18 16:25 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-26 15:58 - 2010-10-26 15:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-03-16 03:47 - 2009-03-16 03:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 03:47 - 2009-03-16 03:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2015-03-17 08:23 - 2015-05-01 07:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-03-17 08:23 - 2015-05-01 07:30 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-05-13 16:03 - 2015-05-13 16:03 - 02927616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051302\algo.dll
2015-05-14 04:44 - 2015-05-14 04:44 - 02928128 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051400\algo.dll
2009-03-05 22:00 - 2009-03-05 22:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-10-03 08:02 - 2015-03-17 08:23 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-03-24 22:24 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-24 22:24 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-24 22:24 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-04-20 07:54 - 2015-04-20 07:54 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7526 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 65.32.5.111 - 65.32.5.112

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DellSystemDetect => C:\Users\Tom\AppData\Local\Apps\2.0\CA6D4LX9.7WD\PGKW1G3A.05E\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D1E89A07-AFA7-40F6-84F5-D5B128206903}] => (Allow) LPort=80
FirewallRules: [{3256CC47-8633-445B-81EE-7285DBEE8E4C}] => (Allow) LPort=80
FirewallRules: [{02D616DC-AC5C-4FFD-9028-CAD917458AEC}] => (Allow) LPort=80
FirewallRules: [{BA4244BF-6DFE-4F2E-BC15-8C552C74BE3C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1ED82812-6898-48EC-B69F-FF492103C76C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7E1051F0-643E-42AF-81AF-253E4B069C6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{70633F8F-1E2A-49DE-B600-E9781289224C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FFD5D0AD-4201-41B9-801A-0055AA56F4B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{849AE588-0614-4186-B2D7-85BC041D9573}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B5BA5A1-5F48-4A28-B0DE-33316E10ECF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5A56C34D-C37C-4097-96A5-893260C844C4}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{2E056CD9-2E98-4626-BBE3-C039D967AFB0}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020

Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (05/13/2015 10:13:50 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 - Update 'KB3048077' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB3048077_20150513_100503656-Microsoft .NET Framework 4.5.2-MSP0.txt.

Error: (05/13/2015 10:09:40 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 -- Error 1921. Service 'Microsoft .NET Framework NGEN v4.0.30319_X86' (clr_optimization_v4.0.30319_32) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (05/13/2015 07:36:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 07:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 06:47:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 08:15:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/13/2015 04:42:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (05/13/2015 04:42:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (05/13/2015 04:42:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/13/2015 04:28:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/13/2015 10:13:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows Vista and Windows Server 2008 x64 (KB3048077){71CF1E34-7804-44EA-ADA7-1A1E5E1EBB8A}203

Error: (05/13/2015 07:37:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/12/2015 07:56:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/11/2015 06:47:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/10/2015 08:15:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/10/2015 08:14:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:16:15 PM on 5/9/2015 was unexpected.

Microsoft Office Sessions:
=========================
Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (05/13/2015 10:13:50 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 4.5.2KB30480771603C:\Windows\TEMP\KB3048077_20150513_100503656-Microsoft .NET Framework 4.5.2-MSP0.txt(NULL)

Error: (05/13/2015 10:09:40 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4.5.2 -- Error 1921. Service 'Microsoft .NET Framework NGEN v4.0.30319_X86' (clr_optimization_v4.0.30319_32) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)

Error: (05/13/2015 07:36:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2015 07:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2015 06:47:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2015 08:15:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2012-06-18 17:47:20.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:19.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:19.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:19.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:18.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:18.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:18.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:17.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:17.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-06-18 17:47:17.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) 8450e Triple-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 7934.2 MB
Available physical RAM: 5596.51 MB
Total Pagefile: 16084.93 MB
Available Pagefile: 13640.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.15 GB) (Free:417.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Lexar) (Removable) (Total:29.8 GB) (Free:4.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: EEE20903)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End Of Log ============================

Older computer many problems.... you folks are awesome. Thanx.

Broni · May 14, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================

You're not saying what your computer issues are.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

tomclark · May 14, 2015

The machine has been running internet slower and slower. Internet freezes (firefox, often plugin-container.exe!) I have been having to click twice on links and submit buttons. I am not that savvy but I fear there are too many background programs running. Should have plenty of RAM and speed. This machine has been in storage a few years and was "clean" when I put it away, fast.
Here are my scans as directed I hope, thanks!

RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Tom [Administrator]
Started from : C:\Users\Tom\Downloads\RogueKiller.exe
Mode : Delete -- Date : 05/14/2015 18:58:50

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 9ge7wrjy.default-1426779424157 : user_pref("browser.startup.homepage", "https://flipboard.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] b4146a9a0f1a7820047d3d655ec13048
[BSP] c8d8c1fc274e10f24025e399ece7e81d : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610461 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_05142015_185719.log

Malwarebytes Anti-Malwarewww.malwarebytes.org

Scan Date: 5/14/2015
Scan Time: 7:04:23 PM
Logfile: MWBscan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.14.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344265
Time Elapsed: 12 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v4.204 - Logfile created 14/05/2015 at 19:38:26
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Tom - TOM-PC
# Running from : C:\Users\Tom\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Tom\Favorites\Coupons
[!] Folder Deleted : C:\Users\Tom\Favorites\Coupons

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16644

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

-\\ Google Chrome v42.0.2311.135

*************************

AdwCleaner[R0].txt - [895 bytes] - [14/05/2015 19:27:33]
AdwCleaner[R1].txt - [953 bytes] - [14/05/2015 19:36:50]
AdwCleaner[S0].txt - [891 bytes] - [14/05/2015 19:38:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [949 bytes] ##########

Junkware Removal Tool (JRT) by ThisisuVersion: 6.7.1 (05.14.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Tom on Thu 05/14/2015 at 19:46:26.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Tom\appdata\locallow\pcdr
Successfully deleted: [Folder] C:\Users\Tom\AppData\Roaming\pcdr

~~~ FireFox

Successfully deleted the following from C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\9ge7wrjy.default-1426779424157\prefs.js

user_pref(extensions.iobitascsurfingprotection@iobit.com.install-event-fired, true);
Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\9ge7wrjy.default-1426779424157\minidumps [1 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/14/2015 at 19:51:06.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · May 14, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

tomclark · May 17, 2015

I'm getting scared about all the programs left on my computer, lol. Here be the ComboFix Scan results:

ComboFix 15-05-13.01 - Tom 05/17/2015 12:54:47.1.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5774 [GMT -4:00]
Running from: c:\users\Tom\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-04-17 to 2015-05-17 )))))))))))))))))))))))))))))))
.
.
2015-05-17 17:01 . 2015-05-17 17:01 -------- d-----w- c:\users\Tom\AppData\Local\temp
2015-05-17 17:01 . 2015-05-17 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-17 11:24 . 2015-05-17 11:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D53FB6A-3814-4F98-BEC4-4D7BDFFC4BD2}\offreg.dll
2015-05-15 06:07 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D53FB6A-3814-4F98-BEC4-4D7BDFFC4BD2}\mpengine.dll
2015-05-14 23:46 . 2015-05-14 23:46 -------- d-----w- C:\RegBackup
2015-05-14 23:27 . 2015-05-14 23:38 -------- d-----w- C:\AdwCleaner
2015-05-14 23:04 . 2015-05-14 23:04 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-14 23:03 . 2015-05-14 23:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-14 23:03 . 2015-05-14 23:03 -------- d-----w- c:\programdata\Malwarebytes
2015-05-14 23:03 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-14 23:03 . 2015-04-14 13:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-14 23:03 . 2015-04-14 13:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-14 22:51 . 2015-05-14 22:51 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-14 22:51 . 2015-05-14 23:01 -------- d-----w- c:\programdata\RogueKiller
2015-05-14 18:12 . 2015-05-14 18:12 -------- d-----w- c:\program files\Speccy
2015-05-14 17:18 . 2015-05-14 17:20 -------- d-----w- C:\FRST
2015-05-13 17:15 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 17:15 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-05-13 17:15 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 17:15 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-05-13 17:15 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 17:15 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-05-13 17:14 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-13 17:14 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-05-13 14:04 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-05-13 14:04 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-05-13 14:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:50 . 2015-04-09 23:46 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2015-05-01 11:30 . 2015-05-01 11:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-01 11:30 . 2015-05-01 11:30 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 20:41 . 2012-06-14 21:35 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-13 20:41 . 2011-06-04 13:13 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-13 20:16 . 2006-11-02 12:35 140425016 ----a-w- c:\windows\system32\mrt.exe
2015-05-01 11:30 . 2014-10-03 12:03 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-01 11:30 . 2014-10-03 12:00 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-01 11:30 . 2014-10-03 12:00 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-01 11:30 . 2010-10-26 20:00 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-01 11:30 . 2010-10-26 20:00 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-05-01 11:30 . 2010-10-26 20:00 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-05-01 11:30 . 2010-10-26 20:00 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-01 11:30 . 2011-06-15 23:31 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-03-25 02:29 . 2015-03-25 02:29 797400 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2015-03-25 02:29 . 2015-03-25 02:29 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-03-25 02:29 . 2010-01-05 20:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2015-03-14 02:22 . 2015-04-15 14:33 1585248 ----a-w- c:\windows\system32\ntdll.dll
2015-03-14 02:22 . 2015-04-15 14:33 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-13 01:44 . 2015-04-15 14:33 4691384 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-13 01:44 . 2015-04-15 14:33 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-03-13 01:44 . 2015-04-15 14:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-03-13 01:43 . 2015-04-15 14:33 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-13 01:30 . 2015-04-15 14:33 17408 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-13 01:30 . 2015-04-15 14:33 301568 ----a-w- c:\windows\system32\wow64win.dll
2015-03-13 01:30 . 2015-04-15 14:33 234496 ----a-w- c:\windows\system32\wow64.dll
2015-03-13 01:30 . 2015-04-15 14:33 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-13 00:08 . 2015-04-15 14:33 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2015-03-13 00:08 . 2015-04-15 14:33 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-03-13 00:08 . 2015-04-15 14:33 2560 ----a-w- c:\windows\SysWow64\user.exe
2015-03-09 01:01 . 2015-04-15 14:22 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-09 00:40 . 2015-04-15 14:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-03-05 02:25 . 2015-04-15 14:34 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-05 02:23 . 2015-04-15 14:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-05 02:14 . 2015-04-15 14:23 360384 ----a-w- c:\windows\system32\clfs.sys
2015-03-05 01:58 . 2015-04-15 14:34 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 01:58 . 2015-04-15 14:23 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-02-24 08:17 . 2010-10-27 02:21 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 02:03 . 2015-03-10 21:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 01:44 . 2015-03-10 21:18 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 00:39 . 2015-03-10 21:18 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 00:28 . 2015-03-10 21:18 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-18 01:42 . 2015-03-10 21:14 12899840 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-05-11 5515496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-15 03:49 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 20:41]
.
2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 22:31]
.
2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-03-25 02:24 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-01 11:30 722400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157\
FF - prefs.js: browser.startup.homepage - hxxps://flipboard.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-05-17 13:06:34
ComboFix-quarantined-files.txt 2015-05-17 17:06
.
Pre-Run: 450,647,121,920 bytes free
Post-Run: 450,497,363,968 bytes free
.
- - End Of File - - 28931867934380EF984CA8A74FF4C121
5C616939100B85E558DA92B899A0FC36

Broni · May 17, 2015

We'll remove all those programs at the end of this topic.

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

tomclark · May 17, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Tom (administrator) on TOM-PC on 17-05-2015 21:03:57
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Promise Technology INC) C:\Windows\SysWOW64\BeepApp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-24] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157
FF DefaultSearchEngine.US: Google
FF Homepage: https://flipboard.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-15]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-01] (Avast Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
S1 Beep; No ImagePath
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-03] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-14] ()
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-05-01] (Avast Software)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 21:03 - 2015-05-17 21:04 - 00013359 _____ () C:\Users\Tom\Downloads\FRST.txt
2015-05-17 21:03 - 2015-05-17 21:03 - 00000000 ____D () C:\Users\Tom\Downloads\FRST-OlderVersion
2015-05-17 13:30 - 2015-05-17 13:30 - 00000546 _____ () C:\Windows\PFRO.log
2015-05-17 13:21 - 2015-05-17 13:21 - 00019292 _____ () C:\Users\Tom\Desktop\combofixtom.txt
2015-05-17 13:06 - 2015-05-17 13:06 - 00019292 _____ () C:\ComboFix.txt
2015-05-17 12:53 - 2015-05-17 13:06 - 00000000 ____D () C:\Qoobox
2015-05-17 12:53 - 2015-05-17 13:06 - 00000000 ____D () C:\ComboFix
2015-05-17 12:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-17 12:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-17 12:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-17 12:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-17 12:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-17 12:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-17 12:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-17 12:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-17 12:52 - 2015-05-17 13:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-17 08:10 - 2015-05-17 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 22:49 - 2015-05-14 22:50 - 05623645 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
2015-05-14 19:51 - 2015-05-14 19:51 - 00001333 _____ () C:\Users\Tom\Desktop\JRT.txt
2015-05-14 19:46 - 2015-05-14 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOM-PC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-14 19:46 - 2015-05-14 19:46 - 00000000 ____D () C:\RegBackup
2015-05-14 19:44 - 2015-05-14 19:44 - 02721175 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe
2015-05-14 19:27 - 2015-05-14 19:38 - 00000000 ____D () C:\AdwCleaner
2015-05-14 19:20 - 2015-05-14 19:21 - 02209792 _____ () C:\Users\Tom\Downloads\adwcleaner_4.204.exe
2015-05-14 19:17 - 2015-05-14 19:17 - 00001062 _____ () C:\Users\Tom\Desktop\MWBscan.txt
2015-05-14 19:04 - 2015-05-14 19:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-14 19:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 19:03 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-14 19:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-14 19:01 - 2015-05-14 19:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tom\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-14 18:51 - 2015-05-14 19:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-14 18:51 - 2015-05-14 18:51 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-14 18:49 - 2015-05-14 18:51 - 16971864 _____ () C:\Users\Tom\Downloads\RogueKiller.exe
2015-05-14 16:18 - 2015-05-14 16:18 - 00014380 _____ () C:\Users\Tom\Documents\cc_20150514_161801.reg
2015-05-14 15:04 - 2015-05-14 15:04 - 00326845 _____ () C:\Users\Tom\Desktop\SpeccyTom.txt
2015-05-14 14:15 - 2015-05-14 14:15 - 00326845 _____ () C:\Users\Tom\Desktop\TOM-PCspeccy.txt
2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\Program Files\Speccy
2015-05-14 14:11 - 2015-05-14 14:12 - 05127432 _____ (Piriform Ltd) C:\Users\Tom\Downloads\spsetup128.exe
2015-05-14 13:19 - 2015-05-14 13:20 - 00031147 _____ () C:\Users\Tom\Downloads\Addition.txt
2015-05-14 13:18 - 2015-05-17 21:03 - 00000000 ____D () C:\FRST
2015-05-14 13:02 - 2015-05-17 21:03 - 02107392 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
2015-05-13 16:41 - 2015-05-17 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-13 16:41 - 2015-05-13 16:41 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-13 16:23 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-13 16:23 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-13 16:23 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-13 16:23 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-13 16:23 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-13 16:23 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 16:23 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 16:23 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 16:23 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 16:23 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 16:23 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 16:23 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 16:23 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 13:14 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 10:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:04 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:04 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-13 07:51 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:51 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:51 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:51 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:51 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:51 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:51 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:51 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 07:51 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 07:51 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 07:51 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 07:51 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 07:51 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 07:50 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:50 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:50 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:50 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:50 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 07:50 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:50 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 07:50 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 07:50 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 07:50 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 07:50 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 07:50 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 07:50 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 07:50 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 07:50 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 07:50 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 07:50 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-04 17:50 - 2015-05-04 17:51 - 00000368 _____ () C:\Users\Tom\Documents\cc_20150504_175057.reg
2015-05-04 17:47 - 2015-05-04 17:47 - 06484352 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup505.exe
2015-05-01 07:30 - 2015-05-01 07:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-01 07:30 - 2015-05-01 07:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-23 00:03 - 2015-04-23 00:03 - 00001328 _____ () C:\Users\Tom\Documents\cc_20150423_000314.reg
2015-04-18 18:11 - 2015-04-18 18:11 - 00000420 _____ () C:\Users\Tom\Documents\cc_20150418_181114.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 20:53 - 2011-10-18 13:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 19:30 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 19:30 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 13:36 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 13:35 - 2008-01-20 21:53 - 01280487 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 13:30 - 2014-10-02 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 13:30 - 2014-10-02 10:25 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-17 13:30 - 2011-10-18 13:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 13:30 - 2006-11-02 11:42 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-17 13:30 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 13:06 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2015-05-17 13:01 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 09:48 - 2011-10-18 13:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 09:48 - 2011-10-18 13:18 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 22:16 - 2015-03-11 09:28 - 00000000 ____D () C:\Users\Tom\Desktop\Heidi
2015-05-13 16:42 - 2011-06-15 18:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-13 16:41 - 2012-06-14 17:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 16:41 - 2011-06-04 09:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 16:28 - 2006-11-02 11:21 - 00234888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 16:26 - 2011-05-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 16:26 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 16:21 - 2014-10-02 13:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 16:16 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 10:04 - 2011-05-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 10:04 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-13 07:44 - 2015-03-24 22:24 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Tom
2015-05-13 07:44 - 2010-10-27 18:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
2015-05-11 18:47 - 2015-02-03 23:21 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-06 18:23 - 2015-02-23 16:20 - 00000000 ____D () C:\Users\Tom\Desktop\Pics
2015-05-04 17:48 - 2014-10-02 13:34 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-01 07:30 - 2014-10-03 08:03 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-01 07:30 - 2014-10-03 08:00 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-01 07:30 - 2014-10-03 08:00 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-01 07:30 - 2011-06-15 19:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-05-01 07:30 - 2010-10-26 16:00 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys

==================== Files in the root of some directories =======

2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-17 13:36

==================== End Of Log ============================

tomclark · May 17, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Tom at 2015-05-17 21:04:49
Running from C:\Users\Tom\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3455538325-3860738269-3256896585-500 - Administrator - Disabled)
Guest (S-1-5-21-3455538325-3860738269-3256896585-501 - Limited - Disabled)
Tom (S-1-5-21-3455538325-3860738269-3256896585-1000 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D7F8784-001D-38D6-DCC6-5174D250C811}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Dropbox (HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge TV Tuner Driver (x32 Version: 2.1.26057 - Hauppauge Computer Works) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
KeePass Password Safe 1.19b (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.19b - Dominik Reichl)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-04-2015 18:46:01 Scheduled Checkpoint
26-04-2015 00:00:01 Scheduled Checkpoint
27-04-2015 09:20:15 Scheduled Checkpoint
28-04-2015 00:00:00 Scheduled Checkpoint
28-04-2015 06:34:02 Windows Update
29-04-2015 08:55:19 Scheduled Checkpoint
30-04-2015 00:00:00 Scheduled Checkpoint
01-05-2015 07:29:31 avast! antivirus system restore point
02-05-2015 00:00:00 Scheduled Checkpoint
03-05-2015 00:00:00 Scheduled Checkpoint
04-05-2015 09:33:45 Scheduled Checkpoint
05-05-2015 00:00:00 Scheduled Checkpoint
05-05-2015 02:25:28 Windows Update
05-05-2015 19:13:32 Scheduled Checkpoint
06-05-2015 19:53:10 Scheduled Checkpoint
07-05-2015 09:19:01 Scheduled Checkpoint
08-05-2015 00:00:00 Scheduled Checkpoint
08-05-2015 02:26:26 Windows Update
09-05-2015 08:55:46 Scheduled Checkpoint
10-05-2015 08:53:49 Scheduled Checkpoint
11-05-2015 00:00:00 Scheduled Checkpoint
11-05-2015 19:34:16 Scheduled Checkpoint
12-05-2015 08:02:23 Windows Update
13-05-2015 09:15:05 Scheduled Checkpoint
13-05-2015 10:03:04 Windows Update
14-05-2015 00:00:00 Scheduled Checkpoint
14-05-2015 03:00:10 Windows Update
14-05-2015 23:17:59 Scheduled Checkpoint
15-05-2015 14:55:33 Scheduled Checkpoint
16-05-2015 09:10:31 Scheduled Checkpoint
17-05-2015 07:55:38 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2012-03-20 10:46 - 00427011 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00F8BA34-BB22-478B-9001-02E926F2103B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {06811054-C2F8-4AD3-9D10-7268E1A0A781} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {0A71E32B-FF71-4281-85A2-92F0609256D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {1F7A3312-998E-4E4D-BFA2-82A9AB99D98E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {276173D9-E46B-4991-AE6D-5149592BB073} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {282D1BEB-D5A1-4CBA-A8A0-EBDF4CBCE2DB} - System32\Tasks\Uninstaller_SkipUac_Tom => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {2AE73E10-53B2-4439-AB31-69CE5F501635} - System32\Tasks\ASC8_SkipUac_Tom => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {5B689E22-0E70-4499-A720-CC1E31ADA713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {CE56ADDE-9BA9-4B24-AC0B-A13C0421619F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FBDDED8F-2C5C-4D88-9A5A-5097C8DC8439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-10-26 15:54 - 2009-06-14 22:11 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2010-10-27 18:44 - 2008-03-17 17:50 - 00072192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-10-27 18:44 - 2009-01-06 17:11 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-10-27 18:44 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-03-16 03:47 - 2009-03-16 03:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2008-11-18 16:25 - 2008-11-18 16:25 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-26 15:58 - 2010-10-26 15:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-03-16 03:47 - 2009-03-16 03:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 03:47 - 2009-03-16 03:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2015-03-17 08:23 - 2015-05-01 07:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-03-17 08:23 - 2015-05-01 07:30 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-05-17 13:31 - 2015-05-17 13:31 - 02929664 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051701\algo.dll
2014-10-03 08:02 - 2015-03-17 08:23 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-03-05 22:00 - 2009-03-05 22:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2015-03-24 22:24 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-24 22:24 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-24 22:24 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7525 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 65.32.5.111 - 65.32.5.112

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DellSystemDetect => C:\Users\Tom\AppData\Local\Apps\2.0\CA6D4LX9.7WD\PGKW1G3A.05E\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D1E89A07-AFA7-40F6-84F5-D5B128206903}] => (Allow) LPort=80
FirewallRules: [{3256CC47-8633-445B-81EE-7285DBEE8E4C}] => (Allow) LPort=80
FirewallRules: [{02D616DC-AC5C-4FFD-9028-CAD917458AEC}] => (Allow) LPort=80
FirewallRules: [{BA4244BF-6DFE-4F2E-BC15-8C552C74BE3C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1ED82812-6898-48EC-B69F-FF492103C76C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7E1051F0-643E-42AF-81AF-253E4B069C6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{70633F8F-1E2A-49DE-B600-E9781289224C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FFD5D0AD-4201-41B9-801A-0055AA56F4B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{849AE588-0614-4186-B2D7-85BC041D9573}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A56C34D-C37C-4097-96A5-893260C844C4}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{2E056CD9-2E98-4626-BBE3-C039D967AFB0}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{14208D2F-F879-4123-8A61-3FAE6DFCB5A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 01:30:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 06:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 08:32:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 01:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020

Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

System errors:
=============
Error: (05/17/2015 01:30:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
SBRE

Error: (05/17/2015 01:01:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/17/2015 00:57:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (05/17/2015 06:59:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/16/2015 08:32:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/15/2015 01:33:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/14/2015 08:15:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SBRE

Error: (05/14/2015 07:47:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Restart the service

Error: (05/14/2015 07:47:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service

Error: (05/14/2015 07:47:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SAMSUNG Mobile Connectivity Service1

Microsoft Office Sessions:
=========================
Error: (05/17/2015 01:30:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 06:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2015 08:32:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2015 01:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2015 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

CodeIntegrity Errors:
===================================
Date: 2015-05-17 21:04:42.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:42.413
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:42.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:41.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:41.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:40.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:40.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:39.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:07.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 21:04:07.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) 8450e Triple-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 7934.2 MB
Available physical RAM: 6132.57 MB
Total Pagefile: 15930.93 MB
Available Pagefile: 14205.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.15 GB) (Free:419.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: EEE20903)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

Broni · May 17, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

tomclark · May 18, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Tom at 2015-05-18 18:04:52 Run:1
Running from C:\Users\Tom\Downloads
Loaded Profiles: Tom (Available profiles: Tom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
S1 Beep; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache
Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {276173D9-E46B-4991-AE6D-5149592BB073} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
Beep => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Users\Tom\AppData\Roaming\MIDIMAST.INI => Moved successfully.
C:\Users\Tom\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\Tom\AppData\Local\ars.cache => Moved successfully.
C:\Users\Tom\AppData\Local\census.cache => Moved successfully.
C:\Users\Tom\AppData\Local\d3d9caps64.dat => Moved successfully.
C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt => Moved successfully.
C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt => Moved successfully.
C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt => Moved successfully.
C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt => Moved successfully.
C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt => Moved successfully.
C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt => Moved successfully.
C:\Users\Tom\AppData\Local\housecall.guid.cache => Moved successfully.
C:\Users\Tom\AppData\Local\sponge.last.runtime.cache => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{112494DC-AF47-4CCB-B07D-6AC6FDD913A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{112494DC-AF47-4CCB-B07D-6AC6FDD913A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{276173D9-E46B-4991-AE6D-5149592BB073}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{276173D9-E46B-4991-AE6D-5149592BB073}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
C:\Program Files (x86)\Lavasoft => Moved successfully.

==== End of Fixlog 18:04:53 ====

Broni · May 18, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

tomclark · May 21, 2015

Security Check Scan:

Results of screen317's Security Check version 1.002
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Adobe Flash Player 17.0.0.169
Adobe Reader 10.1.14 Adobe Reader out of Date!
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastui.exe
Alwil Software Avast5 ng vbox\AvastVBoxSVC.exe
Alwil Software Avast5 ng ngservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

tomclark · May 21, 2015

FSS Scan:

Farbar Service Scanner Version: 17-01-2015
Ran by Tom (administrator) on 21-05-2015 at 10:50:13
Running from "C:\Users\Tom\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

SOPHOS said was Clean. 0 threats.

Broni · May 21, 2015

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

=============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Broni · May 26, 2015

The issue seems to be resolved.

Solved My FUBAR

tomclark

Posts: 9 +0

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

tomclark

Posts: 9 +0

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

Attachments

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

tomclark

Posts: 9 +0

tomclark

Posts: 9 +0

Broni

Posts: 56,041 +516

Broni

Posts: 56,041 +516

Similar threads

Latest posts