TechSpot

My FUBAR

By tomclark
May 14, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
    Ran by Tom (administrator) on TOM-PC on 14-05-2015 13:18:46
    Running from C:\Users\Tom\Downloads
    Loaded Profiles: Tom (Available profiles: Tom)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (Promise Technology INC) C:\Windows\SysWOW64\BeepApp.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe



    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\MountPoints2: {2bed5898-8de6-11e0-a2fb-0024e819d949} - J:\LaunchU3.exe -a
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\MountPoints2: {31b627d4-60f0-11e4-803e-0024e819d949} - J:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> DefaultScope {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-24] (IObit)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157
    FF DefaultSearchEngine.US: Google
    FF Homepage: https://flipboard.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-15]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (avast! WebRep) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-10-02]
    CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-01] (Avast Software)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-05-01] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-05-01] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-03] (REALiX(tm))
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
    R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-05-01] (Avast Software)
    R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
    R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-14 13:18 - 2015-05-14 13:19 - 00012956 _____ () C:\Users\Tom\Downloads\FRST.txt.txt
    2015-05-14 13:18 - 2015-05-14 13:18 - 00000000 ____D () C:\FRST
    2015-05-14 13:02 - 2015-05-14 13:02 - 02105856 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
    2015-05-13 16:41 - 2015-05-14 12:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-13 16:41 - 2015-05-13 16:41 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-05-13 16:23 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-05-13 16:23 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-05-13 16:23 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-05-13 16:23 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-05-13 16:23 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-05-13 16:23 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-05-13 16:23 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-05-13 16:23 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-05-13 16:23 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 16:23 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 16:23 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 13:14 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-13 13:14 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 10:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 10:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 10:04 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 10:04 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-05-13 07:51 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 07:51 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 07:51 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 07:51 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-13 07:51 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-13 07:51 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 07:51 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 07:51 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 07:51 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 07:51 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 07:51 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-13 07:51 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 07:50 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 07:50 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 07:50 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 07:50 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 07:50 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-13 07:50 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-05-13 07:50 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-05-13 07:50 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-05-13 07:50 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 07:50 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 07:50 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 07:50 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-13 07:50 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-05-13 07:50 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-05-04 17:50 - 2015-05-04 17:51 - 00000368 _____ () C:\Users\Tom\Documents\cc_20150504_175057.reg
    2015-05-04 17:47 - 2015-05-04 17:47 - 06484352 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup505.exe
    2015-05-01 07:30 - 2015-05-01 07:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-05-01 07:30 - 2015-05-01 07:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-23 00:03 - 2015-04-23 00:03 - 00001328 _____ () C:\Users\Tom\Documents\cc_20150423_000314.reg
    2015-04-21 19:48 - 2015-04-21 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-18 18:11 - 2015-04-18 18:11 - 00000420 _____ () C:\Users\Tom\Documents\cc_20150418_181114.reg
    2015-04-15 10:34 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-15 10:34 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-15 10:33 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-15 10:33 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-15 10:33 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-15 10:33 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-04-15 10:33 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-04-15 10:33 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-04-15 10:33 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-15 10:33 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-15 10:33 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-04-15 10:33 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-04-15 10:33 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-04-15 10:33 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-04-15 10:23 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-15 10:23 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-15 10:23 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-15 10:22 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-15 10:22 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2015-04-14 02:26 - 2015-04-14 02:26 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2015-04-14 02:26 - 2015-04-14 02:26 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-14 12:48 - 2011-10-18 13:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-14 12:28 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-14 12:28 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-14 11:48 - 2011-10-18 13:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-14 07:40 - 2008-01-20 21:53 - 01197864 ____N () C:\Windows\WindowsUpdate.log
    2015-05-13 16:42 - 2011-06-15 18:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-05-13 16:41 - 2012-06-14 17:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-05-13 16:41 - 2011-06-04 09:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-13 16:34 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-13 16:28 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-13 16:28 - 2006-11-02 11:21 - 00234888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 16:26 - 2011-05-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 16:26 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-13 16:24 - 2006-11-02 11:42 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-13 16:21 - 2014-10-02 13:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-13 16:16 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-05-13 10:04 - 2011-05-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 10:04 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
    2015-05-13 07:44 - 2015-03-24 22:24 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Tom
    2015-05-13 07:44 - 2010-10-27 18:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
    2015-05-13 07:37 - 2014-10-02 10:25 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-05-11 18:47 - 2015-02-03 23:21 - 00000000 ____D () C:\ProgramData\ProductData
    2015-05-06 18:23 - 2015-02-23 16:20 - 00000000 ____D () C:\Users\Tom\Desktop\Pics
    2015-05-04 17:48 - 2014-10-02 13:34 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-01 07:30 - 2014-10-03 08:03 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-05-01 07:30 - 2014-10-03 08:00 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-05-01 07:30 - 2014-10-03 08:00 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-05-01 07:30 - 2011-06-15 19:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
    2015-04-24 16:05 - 2014-10-02 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-15 10:31 - 2014-10-02 14:50 - 00752894 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    ==================== Files in the root of some directories =======

    2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
    2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
    2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
    2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
    2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
    2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
    2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
    2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
    2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-14 04:35

    ==================== End Of Log ============================
     
  2. tomclark

    tomclark TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
    Ran by Tom at 2015-05-14 13:19:28
    Running from C:\Users\Tom\Downloads
    Boot Mode: Normal
    ==========================================================



    ==================== Accounts: =============================

    Administrator (S-1-5-21-3455538325-3860738269-3256896585-500 - Administrator - Disabled)
    Guest (S-1-5-21-3455538325-3860738269-3256896585-501 - Limited - Disabled)
    Tom (S-1-5-21-3455538325-3860738269-3256896585-1000 - Administrator - Enabled) => C:\Users\Tom

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
    ATI Catalyst Install Manager (HKLM\...\{1D7F8784-001D-38D6-DCC6-5174D250C811}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
    ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Dropbox (HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hauppauge TV Tuner Driver (x32 Version: 2.1.26057 - Hauppauge Computer Works) Hidden
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
    KeePass Password Safe 1.19b (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.19b - Dominik Reichl)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
    RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    21-04-2015 07:37:00 Windows Update
    22-04-2015 00:00:00 Scheduled Checkpoint
    23-04-2015 01:02:14 Scheduled Checkpoint
    24-04-2015 00:00:00 Scheduled Checkpoint
    24-04-2015 18:46:01 Scheduled Checkpoint
    26-04-2015 00:00:01 Scheduled Checkpoint
    27-04-2015 09:20:15 Scheduled Checkpoint
    28-04-2015 00:00:00 Scheduled Checkpoint
    28-04-2015 06:34:02 Windows Update
    29-04-2015 08:55:19 Scheduled Checkpoint
    30-04-2015 00:00:00 Scheduled Checkpoint
    01-05-2015 07:29:31 avast! antivirus system restore point
    02-05-2015 00:00:00 Scheduled Checkpoint
    03-05-2015 00:00:00 Scheduled Checkpoint
    04-05-2015 09:33:45 Scheduled Checkpoint
    05-05-2015 00:00:00 Scheduled Checkpoint
    05-05-2015 02:25:28 Windows Update
    05-05-2015 19:13:32 Scheduled Checkpoint
    06-05-2015 19:53:10 Scheduled Checkpoint
    07-05-2015 09:19:01 Scheduled Checkpoint
    08-05-2015 00:00:00 Scheduled Checkpoint
    08-05-2015 02:26:26 Windows Update
    09-05-2015 08:55:46 Scheduled Checkpoint
    10-05-2015 08:53:49 Scheduled Checkpoint
    11-05-2015 00:00:00 Scheduled Checkpoint
    11-05-2015 19:34:16 Scheduled Checkpoint
    12-05-2015 08:02:23 Windows Update
    13-05-2015 09:15:05 Scheduled Checkpoint
    13-05-2015 10:03:04 Windows Update
    14-05-2015 00:00:00 Scheduled Checkpoint
    14-05-2015 03:00:10 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2012-03-20 10:46 - 00427011 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00F8BA34-BB22-478B-9001-02E926F2103B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {06811054-C2F8-4AD3-9D10-7268E1A0A781} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
    Task: {0A71E32B-FF71-4281-85A2-92F0609256D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
    Task: {1F7A3312-998E-4E4D-BFA2-82A9AB99D98E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {276173D9-E46B-4991-AE6D-5149592BB073} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
    Task: {282D1BEB-D5A1-4CBA-A8A0-EBDF4CBCE2DB} - System32\Tasks\Uninstaller_SkipUac_Tom => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
    Task: {2AE73E10-53B2-4439-AB31-69CE5F501635} - System32\Tasks\ASC8_SkipUac_Tom => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
    Task: {5B689E22-0E70-4499-A720-CC1E31ADA713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {CE56ADDE-9BA9-4B24-AC0B-A13C0421619F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
    Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {FBDDED8F-2C5C-4D88-9A5A-5097C8DC8439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2009-03-16 03:47 - 2009-03-16 03:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    2010-10-26 15:54 - 2009-06-14 22:11 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
    2008-11-18 16:25 - 2008-11-18 16:25 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-10-26 15:58 - 2010-10-26 15:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2009-03-16 03:47 - 2009-03-16 03:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    2009-03-16 03:47 - 2009-03-16 03:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    2015-03-17 08:23 - 2015-05-01 07:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
    2015-03-17 08:23 - 2015-05-01 07:30 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
    2015-05-13 16:03 - 2015-05-13 16:03 - 02927616 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051302\algo.dll
    2015-05-14 04:44 - 2015-05-14 04:44 - 02928128 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051400\algo.dll
    2009-03-05 22:00 - 2009-03-05 22:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
    2014-10-03 08:02 - 2015-03-17 08:23 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
    2015-03-24 22:24 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2015-03-24 22:24 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2015-03-24 22:24 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2015-04-20 07:54 - 2015-04-20 07:54 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7526 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 65.32.5.111 - 65.32.5.112

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: DellSystemDetect => C:\Users\Tom\AppData\Local\Apps\2.0\CA6D4LX9.7WD\PGKW1G3A.05E\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{D1E89A07-AFA7-40F6-84F5-D5B128206903}] => (Allow) LPort=80
    FirewallRules: [{3256CC47-8633-445B-81EE-7285DBEE8E4C}] => (Allow) LPort=80
    FirewallRules: [{02D616DC-AC5C-4FFD-9028-CAD917458AEC}] => (Allow) LPort=80
    FirewallRules: [{BA4244BF-6DFE-4F2E-BC15-8C552C74BE3C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1ED82812-6898-48EC-B69F-FF492103C76C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{7E1051F0-643E-42AF-81AF-253E4B069C6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{70633F8F-1E2A-49DE-B600-E9781289224C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{FFD5D0AD-4201-41B9-801A-0055AA56F4B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{849AE588-0614-4186-B2D7-85BC041D9573}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5B5BA5A1-5F48-4A28-B0DE-33316E10ECF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5A56C34D-C37C-4097-96A5-893260C844C4}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
    FirewallRules: [{2E056CD9-2E98-4626-BBE3-C039D967AFB0}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020

    Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

    Error: (05/13/2015 10:13:50 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.2 - Update 'KB3048077' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB3048077_20150513_100503656-Microsoft .NET Framework 4.5.2-MSP0.txt.

    Error: (05/13/2015 10:09:40 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.2 -- Error 1921. Service 'Microsoft .NET Framework NGEN v4.0.30319_X86' (clr_optimization_v4.0.30319_32) could not be stopped. Verify that you have sufficient privileges to stop system services.

    Error: (05/13/2015 07:36:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/12/2015 07:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/11/2015 06:47:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/10/2015 08:15:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (05/13/2015 04:42:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Windows Search%%1053

    Error: (05/13/2015 04:42:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Windows Search

    Error: (05/13/2015 04:42:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (05/13/2015 04:28:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/13/2015 10:13:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: 0x80070643Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows Vista and Windows Server 2008 x64 (KB3048077){71CF1E34-7804-44EA-ADA7-1A1E5E1EBB8A}203

    Error: (05/13/2015 07:37:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/12/2015 07:56:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/11/2015 06:47:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/10/2015 08:15:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/10/2015 08:14:20 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:16:15 PM on 5/9/2015 was unexpected.


    Microsoft Office Sessions:
    =========================
    Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
    System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

    Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

    Error: (05/13/2015 10:13:50 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
    Description: Microsoft .NET Framework 4.5.2KB30480771603C:\Windows\TEMP\KB3048077_20150513_100503656-Microsoft .NET Framework 4.5.2-MSP0.txt(NULL)

    Error: (05/13/2015 10:09:40 AM) (Source: MsiInstaller) (EventID: 11921) (User: NT AUTHORITY)
    Description: Product: Microsoft .NET Framework 4.5.2 -- Error 1921. Service 'Microsoft .NET Framework NGEN v4.0.30319_X86' (clr_optimization_v4.0.30319_32) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)

    Error: (05/13/2015 07:36:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/12/2015 07:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/11/2015 06:47:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/10/2015 08:15:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2012-06-18 17:47:20.182
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:19.902
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:19.605
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:19.215
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\w2k\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:18.810
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:18.420
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:18.092
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:17.874
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\amd64\wnet\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:17.593
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-18 17:47:17.203
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Drivers\i386\wlh\SBTIS.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 8450e Triple-Core Processor
    Percentage of memory in use: 29%
    Total physical RAM: 7934.2 MB
    Available physical RAM: 5596.51 MB
    Total Pagefile: 16084.93 MB
    Available Pagefile: 13640.6 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:596.15 GB) (Free:417.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (Lexar) (Removable) (Total:29.8 GB) (Free:4.96 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: EEE20903)
    Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

    ==================== End Of Log ============================


    Older computer many problems.... you folks are awesome. Thanx.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================

    [​IMG] You're not saying what your computer issues are.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
    tomclark likes this.
  4. tomclark

    tomclark TS Rookie Topic Starter

    The machine has been running internet slower and slower. Internet freezes (firefox, often plugin-container.exe!) I have been having to click twice on links and submit buttons. I am not that savvy but I fear there are too many background programs running. Should have plenty of RAM and speed. This machine has been in storage a few years and was "clean" when I put it away, fast.
    Here are my scans as directed I hope, thanks!

    RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Tom [Administrator]
    Started from : C:\Users\Tom\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 05/14/2015 18:58:50

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 5 ¤¤¤
    [Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 9ge7wrjy.default-1426779424157 : user_pref("browser.startup.homepage", "https://flipboard.com/"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] b4146a9a0f1a7820047d3d655ec13048
    [BSP] c8d8c1fc274e10f24025e399ece7e81d : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610461 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )



    ============================================
    RKreport_SCN_05142015_185719.log



    Malwarebytes Anti-Malwarewww.malwarebytes.org


    Scan Date: 5/14/2015
    Scan Time: 7:04:23 PM
    Logfile: MWBscan.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.14.05
    Rootkit Database: v2015.04.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Tom

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 344265
    Time Elapsed: 12 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    # AdwCleaner v4.204 - Logfile created 14/05/2015 at 19:38:26
    # Updated 12/05/2015 by Xplode
    # Database : 2015-05-12.2 [Server]
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
    # Username : Tom - TOM-PC
    # Running from : C:\Users\Tom\Downloads\adwcleaner_4.204.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\Users\Tom\Favorites\Coupons
    [!] Folder Deleted : C:\Users\Tom\Favorites\Coupons

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16644


    -\\ Mozilla Firefox v37.0.2 (x86 en-US)


    -\\ Google Chrome v42.0.2311.135


    *************************

    AdwCleaner[R0].txt - [895 bytes] - [14/05/2015 19:27:33]
    AdwCleaner[R1].txt - [953 bytes] - [14/05/2015 19:36:50]
    AdwCleaner[S0].txt - [891 bytes] - [14/05/2015 19:38:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [949 bytes] ##########



    Junkware Removal Tool (JRT) by ThisisuVersion: 6.7.1 (05.14.2015:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Tom on Thu 05/14/2015 at 19:46:26.77
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\pcdr
    Successfully deleted: [Folder] C:\Users\Tom\appdata\locallow\pcdr
    Successfully deleted: [Folder] C:\Users\Tom\AppData\Roaming\pcdr



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\9ge7wrjy.default-1426779424157\prefs.js

    user_pref(extensions.iobitascsurfingprotection@iobit.com.install-event-fired, true);
    Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\9ge7wrjy.default-1426779424157\minidumps [1 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 05/14/2015 at 19:51:06.07
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  5. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. tomclark

    tomclark TS Rookie Topic Starter

    I'm getting scared about all the programs left on my computer, lol. Here be the ComboFix Scan results:

    ComboFix 15-05-13.01 - Tom 05/17/2015 12:54:47.1.3 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5774 [GMT -4:00]
    Running from: c:\users\Tom\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-04-17 to 2015-05-17 )))))))))))))))))))))))))))))))
    .
    .
    2015-05-17 17:01 . 2015-05-17 17:01 -------- d-----w- c:\users\Tom\AppData\Local\temp
    2015-05-17 17:01 . 2015-05-17 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-05-17 11:24 . 2015-05-17 11:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D53FB6A-3814-4F98-BEC4-4D7BDFFC4BD2}\offreg.dll
    2015-05-15 06:07 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D53FB6A-3814-4F98-BEC4-4D7BDFFC4BD2}\mpengine.dll
    2015-05-14 23:46 . 2015-05-14 23:46 -------- d-----w- C:\RegBackup
    2015-05-14 23:27 . 2015-05-14 23:38 -------- d-----w- C:\AdwCleaner
    2015-05-14 23:04 . 2015-05-14 23:04 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-05-14 23:03 . 2015-05-14 23:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-05-14 23:03 . 2015-05-14 23:03 -------- d-----w- c:\programdata\Malwarebytes
    2015-05-14 23:03 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-05-14 23:03 . 2015-04-14 13:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-05-14 23:03 . 2015-04-14 13:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-05-14 22:51 . 2015-05-14 22:51 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-05-14 22:51 . 2015-05-14 23:01 -------- d-----w- c:\programdata\RogueKiller
    2015-05-14 18:12 . 2015-05-14 18:12 -------- d-----w- c:\program files\Speccy
    2015-05-14 17:18 . 2015-05-14 17:20 -------- d-----w- C:\FRST
    2015-05-13 17:15 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-13 17:15 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2015-05-13 17:15 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2015-05-13 17:15 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2015-05-13 17:15 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2015-05-13 17:15 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
    2015-05-13 17:14 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
    2015-05-13 17:14 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
    2015-05-13 14:04 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
    2015-05-13 14:04 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
    2015-05-13 14:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 14:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 11:50 . 2015-04-09 23:46 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2015-05-01 11:30 . 2015-05-01 11:30 364472 ----a-w- c:\windows\system32\aswBoot.exe
    2015-05-01 11:30 . 2015-05-01 11:30 43112 ----a-w- c:\windows\avastSS.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-05-13 20:41 . 2012-06-14 21:35 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-05-13 20:41 . 2011-06-04 13:13 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-05-13 20:16 . 2006-11-02 12:35 140425016 ----a-w- c:\windows\system32\mrt.exe
    2015-05-01 11:30 . 2014-10-03 12:03 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-05-01 11:30 . 2014-10-03 12:00 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-05-01 11:30 . 2014-10-03 12:00 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-05-01 11:30 . 2010-10-26 20:00 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-05-01 11:30 . 2010-10-26 20:00 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-05-01 11:30 . 2010-10-26 20:00 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-05-01 11:30 . 2010-10-26 20:00 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-05-01 11:30 . 2011-06-15 23:31 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
    2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
    2015-03-25 02:29 . 2015-03-25 02:29 797400 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
    2015-03-25 02:29 . 2015-03-25 02:29 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
    2015-03-25 02:29 . 2010-01-05 20:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2015-03-14 02:22 . 2015-04-15 14:33 1585248 ----a-w- c:\windows\system32\ntdll.dll
    2015-03-14 02:22 . 2015-04-15 14:33 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2015-03-13 01:44 . 2015-04-15 14:33 4691384 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-03-13 01:44 . 2015-04-15 14:33 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2015-03-13 01:44 . 2015-04-15 14:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2015-03-13 01:43 . 2015-04-15 14:33 43008 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-03-13 01:30 . 2015-04-15 14:33 17408 ----a-w- c:\windows\system32\wow64cpu.dll
    2015-03-13 01:30 . 2015-04-15 14:33 301568 ----a-w- c:\windows\system32\wow64win.dll
    2015-03-13 01:30 . 2015-04-15 14:33 234496 ----a-w- c:\windows\system32\wow64.dll
    2015-03-13 01:30 . 2015-04-15 14:33 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2015-03-13 00:08 . 2015-04-15 14:33 26112 ----a-w- c:\windows\SysWow64\setup16.exe
    2015-03-13 00:08 . 2015-04-15 14:33 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2015-03-13 00:08 . 2015-04-15 14:33 2560 ----a-w- c:\windows\SysWow64\user.exe
    2015-03-09 01:01 . 2015-04-15 14:22 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-03-09 00:40 . 2015-04-15 14:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2015-03-05 02:25 . 2015-04-15 14:34 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
    2015-03-05 02:23 . 2015-04-15 14:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
    2015-03-05 02:14 . 2015-04-15 14:23 360384 ----a-w- c:\windows\system32\clfs.sys
    2015-03-05 01:58 . 2015-04-15 14:34 390144 ----a-w- c:\windows\system32\gdi32.dll
    2015-03-05 01:58 . 2015-04-15 14:23 77824 ----a-w- c:\windows\system32\clfsw32.dll
    2015-02-24 08:17 . 2010-10-27 02:21 295552 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-20 02:03 . 2015-03-10 21:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-02-20 01:44 . 2015-03-10 21:18 48128 ----a-w- c:\windows\system32\atmlib.dll
    2015-02-20 00:39 . 2015-03-10 21:18 372224 ----a-w- c:\windows\system32\atmfd.dll
    2015-02-20 00:28 . 2015-03-10 21:18 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-02-18 01:42 . 2015-03-10 21:14 12899840 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 131248 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
    "AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2015-05-11 5515496]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-05-15 03:49 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 20:41]
    .
    2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 22:31]
    .
    2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 22:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
    2015-03-25 02:24 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-05-01 11:30 722400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157\
    FF - prefs.js: browser.startup.homepage - hxxps://flipboard.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.17"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2015-05-17 13:06:34
    ComboFix-quarantined-files.txt 2015-05-17 17:06
    .
    Pre-Run: 450,647,121,920 bytes free
    Post-Run: 450,497,363,968 bytes free
    .
    - - End Of File - - 28931867934380EF984CA8A74FF4C121
    5C616939100B85E558DA92B899A0FC36
     
  7. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    We'll remove all those programs at the end of this topic.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  8. tomclark

    tomclark TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
    Ran by Tom (administrator) on TOM-PC on 17-05-2015 21:03:57
    Running from C:\Users\Tom\Downloads
    Loaded Profiles: Tom (Available profiles: Tom)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (Promise Technology INC) C:\Windows\SysWOW64\BeepApp.exe



    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1391616 2006-11-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000 -> {0C531029-7982-4909-9DF4-16DB025BFF31} URL = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-24] (IObit)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\9ge7wrjy.default-1426779424157
    FF DefaultSearchEngine.US: Google
    FF Homepage: https://flipboard.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-03]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-15]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (avast! WebRep) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-10-02]
    CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-16] (AMD) [File not signed]
    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-01] (Avast Software)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-05-01] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-05-01] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
    S1 Beep; No ImagePath
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-03] (REALiX(tm))
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-14] ()
    R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-05-01] (Avast Software)
    R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
    R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-17 21:03 - 2015-05-17 21:04 - 00013359 _____ () C:\Users\Tom\Downloads\FRST.txt
    2015-05-17 21:03 - 2015-05-17 21:03 - 00000000 ____D () C:\Users\Tom\Downloads\FRST-OlderVersion
    2015-05-17 13:30 - 2015-05-17 13:30 - 00000546 _____ () C:\Windows\PFRO.log
    2015-05-17 13:21 - 2015-05-17 13:21 - 00019292 _____ () C:\Users\Tom\Desktop\combofixtom.txt
    2015-05-17 13:06 - 2015-05-17 13:06 - 00019292 _____ () C:\ComboFix.txt
    2015-05-17 12:53 - 2015-05-17 13:06 - 00000000 ____D () C:\Qoobox
    2015-05-17 12:53 - 2015-05-17 13:06 - 00000000 ____D () C:\ComboFix
    2015-05-17 12:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-05-17 12:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-05-17 12:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-05-17 12:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-05-17 12:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-05-17 12:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-05-17 12:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-05-17 12:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-05-17 12:52 - 2015-05-17 13:03 - 00000000 ____D () C:\Windows\erdnt
    2015-05-17 08:10 - 2015-05-17 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-14 22:49 - 2015-05-14 22:50 - 05623645 ____R (Swearware) C:\Users\Tom\Downloads\ComboFix.exe
    2015-05-14 19:51 - 2015-05-14 19:51 - 00001333 _____ () C:\Users\Tom\Desktop\JRT.txt
    2015-05-14 19:46 - 2015-05-14 19:46 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOM-PC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
    2015-05-14 19:46 - 2015-05-14 19:46 - 00000000 ____D () C:\RegBackup
    2015-05-14 19:44 - 2015-05-14 19:44 - 02721175 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe
    2015-05-14 19:27 - 2015-05-14 19:38 - 00000000 ____D () C:\AdwCleaner
    2015-05-14 19:20 - 2015-05-14 19:21 - 02209792 _____ () C:\Users\Tom\Downloads\adwcleaner_4.204.exe
    2015-05-14 19:17 - 2015-05-14 19:17 - 00001062 _____ () C:\Users\Tom\Desktop\MWBscan.txt
    2015-05-14 19:04 - 2015-05-14 19:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-14 19:03 - 2015-05-14 19:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-14 19:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-14 19:03 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-05-14 19:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-05-14 19:01 - 2015-05-14 19:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Tom\Downloads\mbam-setup-2.1.6.1022.exe
    2015-05-14 18:51 - 2015-05-14 19:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-14 18:51 - 2015-05-14 18:51 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-05-14 18:49 - 2015-05-14 18:51 - 16971864 _____ () C:\Users\Tom\Downloads\RogueKiller.exe
    2015-05-14 16:18 - 2015-05-14 16:18 - 00014380 _____ () C:\Users\Tom\Documents\cc_20150514_161801.reg
    2015-05-14 15:04 - 2015-05-14 15:04 - 00326845 _____ () C:\Users\Tom\Desktop\SpeccyTom.txt
    2015-05-14 14:15 - 2015-05-14 14:15 - 00326845 _____ () C:\Users\Tom\Desktop\TOM-PCspeccy.txt
    2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2015-05-14 14:12 - 2015-05-14 14:12 - 00000000 ____D () C:\Program Files\Speccy
    2015-05-14 14:11 - 2015-05-14 14:12 - 05127432 _____ (Piriform Ltd) C:\Users\Tom\Downloads\spsetup128.exe
    2015-05-14 13:19 - 2015-05-14 13:20 - 00031147 _____ () C:\Users\Tom\Downloads\Addition.txt
    2015-05-14 13:18 - 2015-05-17 21:03 - 00000000 ____D () C:\FRST
    2015-05-14 13:02 - 2015-05-17 21:03 - 02107392 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe
    2015-05-13 16:41 - 2015-05-17 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-13 16:41 - 2015-05-13 16:41 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-05-13 16:23 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-05-13 16:23 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-05-13 16:23 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-05-13 16:23 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-05-13 16:23 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-05-13 16:23 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-05-13 16:23 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-05-13 16:23 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-05-13 16:23 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-05-13 16:23 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-05-13 16:23 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 16:23 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 16:23 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 13:14 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-13 13:14 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 10:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 10:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 10:04 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 10:04 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-05-13 07:51 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 07:51 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 07:51 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 07:51 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-13 07:51 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-13 07:51 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 07:51 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 07:51 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-13 07:51 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-13 07:51 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-13 07:51 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-13 07:51 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-13 07:51 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-13 07:50 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 07:50 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 07:50 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 07:50 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 07:50 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-05-13 07:50 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-13 07:50 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-05-13 07:50 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-05-13 07:50 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-05-13 07:50 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-13 07:50 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-13 07:50 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-13 07:50 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-05-13 07:50 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-13 07:50 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-05-13 07:50 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-05-13 07:50 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-05-04 17:50 - 2015-05-04 17:51 - 00000368 _____ () C:\Users\Tom\Documents\cc_20150504_175057.reg
    2015-05-04 17:47 - 2015-05-04 17:47 - 06484352 _____ (Piriform Ltd) C:\Users\Tom\Downloads\ccsetup505.exe
    2015-05-01 07:30 - 2015-05-01 07:30 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-05-01 07:30 - 2015-05-01 07:30 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-04-23 00:03 - 2015-04-23 00:03 - 00001328 _____ () C:\Users\Tom\Documents\cc_20150423_000314.reg
    2015-04-18 18:11 - 2015-04-18 18:11 - 00000420 _____ () C:\Users\Tom\Documents\cc_20150418_181114.reg

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-17 20:53 - 2011-10-18 13:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-17 19:30 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 19:30 - 2006-11-02 11:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 13:36 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-17 13:35 - 2008-01-20 21:53 - 01280487 _____ () C:\Windows\WindowsUpdate.log
    2015-05-17 13:30 - 2014-10-02 10:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-17 13:30 - 2014-10-02 10:25 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-05-17 13:30 - 2011-10-18 13:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-17 13:30 - 2006-11-02 11:42 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-17 13:30 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-17 13:06 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
    2015-05-17 13:01 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
    2015-05-15 09:48 - 2011-10-18 13:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-15 09:48 - 2011-10-18 13:18 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-14 22:16 - 2015-03-11 09:28 - 00000000 ____D () C:\Users\Tom\Desktop\Heidi
    2015-05-13 16:42 - 2011-06-15 18:54 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-05-13 16:41 - 2012-06-14 17:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-05-13 16:41 - 2011-06-04 09:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-05-13 16:28 - 2006-11-02 11:21 - 00234888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 16:26 - 2011-05-12 23:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 16:26 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-13 16:21 - 2014-10-02 13:56 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-13 16:16 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-05-13 10:04 - 2011-05-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 10:04 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
    2015-05-13 07:44 - 2015-03-24 22:24 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Tom
    2015-05-13 07:44 - 2010-10-27 18:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Deployment
    2015-05-11 18:47 - 2015-02-03 23:21 - 00000000 ____D () C:\ProgramData\ProductData
    2015-05-06 18:23 - 2015-02-23 16:20 - 00000000 ____D () C:\Users\Tom\Desktop\Pics
    2015-05-04 17:48 - 2014-10-02 13:34 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-01 07:30 - 2014-10-03 08:03 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-05-01 07:30 - 2014-10-03 08:00 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-05-01 07:30 - 2014-10-03 08:00 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-05-01 07:30 - 2011-06-15 19:31 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
    2015-05-01 07:30 - 2010-10-26 16:00 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys

    ==================== Files in the root of some directories =======

    2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
    2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
    2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
    2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
    2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
    2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
    2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
    2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
    2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-17 13:36

    ==================== End Of Log ============================
     
  9. tomclark

    tomclark TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
    Ran by Tom at 2015-05-17 21:04:49
    Running from C:\Users\Tom\Downloads
    Boot Mode: Normal
    ==========================================================



    ==================== Accounts: =============================

    Administrator (S-1-5-21-3455538325-3860738269-3256896585-500 - Administrator - Disabled)
    Guest (S-1-5-21-3455538325-3860738269-3256896585-501 - Limited - Disabled)
    Tom (S-1-5-21-3455538325-3860738269-3256896585-1000 - Administrator - Enabled) => C:\Users\Tom

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
    ATI Catalyst Install Manager (HKLM\...\{1D7F8784-001D-38D6-DCC6-5174D250C811}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
    ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Dropbox (HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Hauppauge TV Tuner Driver (x32 Version: 2.1.26057 - Hauppauge Computer Works) Hidden
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
    KeePass Password Safe 1.19b (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.19b - Dominik Reichl)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
    RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3455538325-3860738269-3256896585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    24-04-2015 18:46:01 Scheduled Checkpoint
    26-04-2015 00:00:01 Scheduled Checkpoint
    27-04-2015 09:20:15 Scheduled Checkpoint
    28-04-2015 00:00:00 Scheduled Checkpoint
    28-04-2015 06:34:02 Windows Update
    29-04-2015 08:55:19 Scheduled Checkpoint
    30-04-2015 00:00:00 Scheduled Checkpoint
    01-05-2015 07:29:31 avast! antivirus system restore point
    02-05-2015 00:00:00 Scheduled Checkpoint
    03-05-2015 00:00:00 Scheduled Checkpoint
    04-05-2015 09:33:45 Scheduled Checkpoint
    05-05-2015 00:00:00 Scheduled Checkpoint
    05-05-2015 02:25:28 Windows Update
    05-05-2015 19:13:32 Scheduled Checkpoint
    06-05-2015 19:53:10 Scheduled Checkpoint
    07-05-2015 09:19:01 Scheduled Checkpoint
    08-05-2015 00:00:00 Scheduled Checkpoint
    08-05-2015 02:26:26 Windows Update
    09-05-2015 08:55:46 Scheduled Checkpoint
    10-05-2015 08:53:49 Scheduled Checkpoint
    11-05-2015 00:00:00 Scheduled Checkpoint
    11-05-2015 19:34:16 Scheduled Checkpoint
    12-05-2015 08:02:23 Windows Update
    13-05-2015 09:15:05 Scheduled Checkpoint
    13-05-2015 10:03:04 Windows Update
    14-05-2015 00:00:00 Scheduled Checkpoint
    14-05-2015 03:00:10 Windows Update
    14-05-2015 23:17:59 Scheduled Checkpoint
    15-05-2015 14:55:33 Scheduled Checkpoint
    16-05-2015 09:10:31 Scheduled Checkpoint
    17-05-2015 07:55:38 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2012-03-20 10:46 - 00427011 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00F8BA34-BB22-478B-9001-02E926F2103B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {06811054-C2F8-4AD3-9D10-7268E1A0A781} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
    Task: {0A71E32B-FF71-4281-85A2-92F0609256D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
    Task: {1F7A3312-998E-4E4D-BFA2-82A9AB99D98E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {276173D9-E46B-4991-AE6D-5149592BB073} - \PCDEventLauncherTask No Task File <==== ATTENTION
    Task: {282D1BEB-D5A1-4CBA-A8A0-EBDF4CBCE2DB} - System32\Tasks\Uninstaller_SkipUac_Tom => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
    Task: {2AE73E10-53B2-4439-AB31-69CE5F501635} - System32\Tasks\ASC8_SkipUac_Tom => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
    Task: {5B689E22-0E70-4499-A720-CC1E31ADA713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {CE56ADDE-9BA9-4B24-AC0B-A13C0421619F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
    Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {FBDDED8F-2C5C-4D88-9A5A-5097C8DC8439} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-10-26 15:54 - 2009-06-14 22:11 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
    2010-10-27 18:44 - 2008-03-17 17:50 - 00072192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2010-10-27 18:44 - 2009-01-06 17:11 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2010-10-27 18:44 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2009-03-16 03:47 - 2009-03-16 03:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    2008-11-18 16:25 - 2008-11-18 16:25 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-10-26 15:58 - 2010-10-26 15:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2009-03-16 03:47 - 2009-03-16 03:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    2009-03-16 03:47 - 2009-03-16 03:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    2015-03-17 08:23 - 2015-05-01 07:30 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
    2015-03-17 08:23 - 2015-05-01 07:30 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
    2015-05-17 13:31 - 2015-05-17 13:31 - 02929664 _____ () C:\Program Files\Alwil Software\Avast5\defs\15051701\algo.dll
    2014-10-03 08:02 - 2015-03-17 08:23 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
    2009-03-05 22:00 - 2009-03-05 22:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
    2015-03-24 22:24 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2015-03-24 22:24 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2015-03-24 22:24 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7525 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 65.32.5.111 - 65.32.5.112

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: DellSystemDetect => C:\Users\Tom\AppData\Local\Apps\2.0\CA6D4LX9.7WD\PGKW1G3A.05E\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{D1E89A07-AFA7-40F6-84F5-D5B128206903}] => (Allow) LPort=80
    FirewallRules: [{3256CC47-8633-445B-81EE-7285DBEE8E4C}] => (Allow) LPort=80
    FirewallRules: [{02D616DC-AC5C-4FFD-9028-CAD917458AEC}] => (Allow) LPort=80
    FirewallRules: [{BA4244BF-6DFE-4F2E-BC15-8C552C74BE3C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1ED82812-6898-48EC-B69F-FF492103C76C}] => (Allow) C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{7E1051F0-643E-42AF-81AF-253E4B069C6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{70633F8F-1E2A-49DE-B600-E9781289224C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{FFD5D0AD-4201-41B9-801A-0055AA56F4B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{849AE588-0614-4186-B2D7-85BC041D9573}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A56C34D-C37C-4097-96A5-893260C844C4}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
    FirewallRules: [{2E056CD9-2E98-4626-BBE3-C039D967AFB0}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
    FirewallRules: [{14208D2F-F879-4123-8A61-3FAE6DFCB5A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/17/2015 01:30:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/17/2015 06:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/16/2015 08:32:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/15/2015 01:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/14/2015 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/14/2015 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020

    Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll8


    System errors:
    =============
    Error: (05/17/2015 01:30:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Beep
    SBRE

    Error: (05/17/2015 01:01:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: PEVSystemStart

    Error: (05/17/2015 00:57:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: PEVSystemStart

    Error: (05/17/2015 06:59:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/16/2015 08:32:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/15/2015 01:33:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/14/2015 08:15:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SBRE

    Error: (05/14/2015 07:47:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Modules Installer11200001Restart the service

    Error: (05/14/2015 07:47:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Media Player Network Sharing Service1300001Restart the service

    Error: (05/14/2015 07:47:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: SAMSUNG Mobile Connectivity Service1


    Microsoft Office Sessions:
    =========================
    Error: (05/17/2015 01:30:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/17/2015 06:59:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/16/2015 08:32:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/15/2015 01:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/14/2015 08:15:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/14/2015 07:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:33:02 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
    System.Drawing, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

    Error: (05/13/2015 04:28:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

    Error: (05/13/2015 04:20:51 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll8


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-17 21:04:42.865
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:42.413
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:42.054
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:41.601
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:41.040
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:40.541
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:40.041
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:39.464
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:07.609
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-17 21:04:07.125
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) 8450e Triple-Core Processor
    Percentage of memory in use: 22%
    Total physical RAM: 7934.2 MB
    Available physical RAM: 6132.57 MB
    Total Pagefile: 15930.93 MB
    Available Pagefile: 14205.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:596.15 GB) (Free:419.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: EEE20903)
    Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  11. tomclark

    tomclark TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
    Ran by Tom at 2015-05-18 18:04:52 Run:1
    Running from C:\Users\Tom\Downloads
    Loaded Profiles: Tom (Available profiles: Tom)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    S1 Beep; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    2011-11-11 22:48 - 2011-11-12 00:16 - 0000118 _____ () C:\Users\Tom\AppData\Roaming\MIDIMAST.INI
    2014-10-06 17:41 - 2014-10-06 17:41 - 0030707 _____ () C:\Users\Tom\AppData\Roaming\UserTile.png
    2015-02-24 10:54 - 2015-04-02 11:10 - 0231659 _____ () C:\Users\Tom\AppData\Local\ars.cache
    2015-02-24 10:54 - 2015-04-02 11:10 - 0404592 _____ () C:\Users\Tom\AppData\Local\census.cache
    2010-10-26 18:47 - 2010-10-26 16:02 - 0000732 _____ () C:\Users\Tom\AppData\Local\d3d9caps64.dat
    2010-10-27 18:08 - 2015-03-09 08:26 - 0006656 _____ () C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-10-31 21:16 - 2010-10-31 21:16 - 0229834 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt
    2010-10-31 21:16 - 2010-10-31 21:16 - 0011760 _____ () C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0428498 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0388780 _____ () C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt
    2010-10-26 15:59 - 2010-10-26 16:00 - 0012766 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt
    2015-01-26 16:34 - 2015-01-26 16:34 - 0012126 _____ () C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt
    2015-02-24 10:46 - 2015-02-24 10:46 - 0000036 _____ () C:\Users\Tom\AppData\Local\housecall.guid.cache
    2015-03-12 19:23 - 2015-04-02 11:07 - 0000010 _____ () C:\Users\Tom\AppData\Local\sponge.last.runtime.cache
    Task: {112494DC-AF47-4CCB-B07D-6AC6FDD913A0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
    Task: {276173D9-E46B-4991-AE6D-5149592BB073} - \PCDEventLauncherTask No Task File <==== ATTENTION
    Task: {CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    C:\Program Files (x86)\Lavasoft

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-3455538325-3860738269-3256896585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll not found.
    C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
    C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll not found.
    C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll not found.
    C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
    Beep => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    SBRE => Service deleted successfully.
    C:\Users\Tom\AppData\Roaming\MIDIMAST.INI => Moved successfully.
    C:\Users\Tom\AppData\Roaming\UserTile.png => Moved successfully.
    C:\Users\Tom\AppData\Local\ars.cache => Moved successfully.
    C:\Users\Tom\AppData\Local\census.cache => Moved successfully.
    C:\Users\Tom\AppData\Local\d3d9caps64.dat => Moved successfully.
    C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924MSI15DA.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_ATL90SP1_KB973924UI15DA.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_vcredistMSI1D00.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_vcredistMSI33D2.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_vcredistUI1D00.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\dd_vcredistUI33D2.txt => Moved successfully.
    C:\Users\Tom\AppData\Local\housecall.guid.cache => Moved successfully.
    C:\Users\Tom\AppData\Local\sponge.last.runtime.cache => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{112494DC-AF47-4CCB-B07D-6AC6FDD913A0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{112494DC-AF47-4CCB-B07D-6AC6FDD913A0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{276173D9-E46B-4991-AE6D-5149592BB073}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{276173D9-E46B-4991-AE6D-5149592BB073}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE59C8A7-4E6E-4ED3-A7FC-7363D23B64DB}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
    C:\Program Files (x86)\Lavasoft => Moved successfully.

    ==== End of Fixlog 18:04:53 ====
     
  12. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  13. tomclark

    tomclark TS Rookie Topic Starter

    Security Check Scan:

    Results of screen317's Security Check version 1.002
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Adobe Flash Player 17.0.0.169
    Adobe Reader 10.1.14 Adobe Reader out of Date!
    Mozilla Firefox (38.0.1)
    Google Chrome (42.0.2311.135)
    Google Chrome (42.0.2311.152)
    ````````Process Check: objlist.exe by Laurent````````
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastui.exe
    Alwil Software Avast5 ng vbox\AvastVBoxSVC.exe
    Alwil Software Avast5 ng ngservice.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     
  14. tomclark

    tomclark TS Rookie Topic Starter

    FSS Scan:

    Farbar Service Scanner Version: 17-01-2015
    Ran by Tom (administrator) on 21-05-2015 at 10:50:13
    Running from "C:\Users\Tom\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.



    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    SOPHOS said was Clean. 0 threats.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    =============================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,887   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...