Inactive Unknown Rootkit infection Explorer modified

ogahm

Posts: 23   +0
ANYONE that recognizes these symptoms please help me IDENTIFY this infection!

I plugged a friend's Seagate Expansion drive (SRD00F1) into my machine's USB port and Windows Vista started to load the drivers and then stopped. I went to My Computer and the machine can't see the drive at all. After this I started to see the following occurring:

1) All the normal column names in Explorer are gone; Author is the only one showing. All of the common ones (Filename, Date Created/Created, Size, etc.) are unavailable when I try to choose details by right-clicking the column header.

2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.

3) Explorer shows no filenames or folder names.

4) The "Start Search" feature of the Start Bar returns nothing.

5) In My Computer the sizes of the drives and free space are in bytes, not KB or MB.

It seems like some rootkit has replaced Explorer.exe, but I can't figure out which one. The external drive that caused the infection hasn't been used in months, so it can't be something brand new.

Any assistance on identifying this infection and/or removing it would be greatly appreciated.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2015
Scan Time: 1:19:00 PM
Logfile: MBAMScan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.11
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Shake

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335334
Time Elapsed: 7 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [aea326d143467db9100aafc22ed5a957],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search-Protect, Quarantined, [5af7fbfc2f5a0333112ee0ad2bd8b14f],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [a5acb7408aff0630577c0ca8a162817f],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D834389-C771-4037-A6AC-9B96BAD6DEEE}, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\Cache, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

Files: 53
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\Search-Protect, Quarantined, [d77a3cbbaedb0c2aaa93deaffa098779],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\Autorun.inf, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\crx.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameApps.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameEngine.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GLOBALUNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\hmac.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\iestage2.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\INSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\log.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\MinecraftShims64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\PARTNER.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_FindWide.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_Freshy.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\progress.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\regsvr.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\RemoteSkin.wms, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\sqlite.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TntMagicDel.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UninstallDlg.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\untar.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UPDATE.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\xpi.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\zipunzip.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\inst.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\os11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\PARTNER.1.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\partner.dat, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\runt.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\toolbar11075@freshy.com.xpi, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\yah11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

Physical Sectors: 0
(No malicious items detected)


(end)

Here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16592
Run by Shake at 17:09:02 on 2015-01-19
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.3253 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehshell.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehVid.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [LiveUpdate 5] "C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" /reminder
mRun: [NCUpdateHelper] "C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{BDD833F9-552B-413B-A541-7C01A695658A} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-18 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-18 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-18 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-18 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-18 87912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-18 50344]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2015-1-1 167424]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\System32\drivers\hcw18bda.sys [2014-5-11 912896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-10-24 90776]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2014-5-11 14136]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: tonegen.exe: open="C:\Program Files (x86)\NCH Software\ToneGen\tonegen" "%L"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-01-18 17:36:04 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-01-18 17:36:02 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-01-18 17:34:01 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2015-01-18 17:34:00 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-01-18 17:34:00 436624 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2015-01-18 17:34:00 364512 ----a-w- C:\Windows\System32\aswBoot.exe
2015-01-18 17:34:00 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-01-18 17:34:00 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-01-18 17:33:59 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2015-01-18 17:33:56 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-22 04:08:46 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 04:08:46 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-27 23:04:52 1852168 ----a-w- C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe
2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
.
============= FINISH: 17:10:26.56 ===============
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2014 6:27:33 AM
System Uptime: 1/19/2015 4:12:58 AM (13 hours ago)
.
Motherboard: MSI | | MSI X58 PLATINUM SLI(MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2533/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 2048 GiB total, 77.743 GiB free.
D: is FIXED (NTFS) - 1397 GiB total, 34.322 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 8.228 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller
Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
Service:
.
==== System Restore Points ===================
.
RP263: 4/30/2014 12:00:08 AM - Scheduled Checkpoint
RP264: 5/1/2014 3:56:28 AM - Scheduled Checkpoint
RP265: 5/2/2014 12:00:08 AM - Scheduled Checkpoint
RP266: 5/3/2014 4:30:55 AM - Scheduled Checkpoint
RP267: 5/4/2014 12:14:55 AM - Scheduled Checkpoint
RP268: 5/5/2014 12:00:05 AM - Scheduled Checkpoint
RP269: 5/6/2014 11:41:46 PM - Scheduled Checkpoint
RP270: 5/8/2014 5:43:03 AM - Scheduled Checkpoint
RP271: 5/9/2014 12:01:05 AM - Scheduled Checkpoint
RP272: 5/10/2014 6:40:18 AM - Scheduled Checkpoint
RP179: 11/23/2014 6:05:32 AM - Scheduled Checkpoint
RP180: 11/27/2014 5:27:39 AM - Scheduled Checkpoint
RP181: 12/1/2014 8:29:19 PM - Scheduled Checkpoint
RP182: 12/3/2014 1:04:18 AM - Scheduled Checkpoint
RP183: 12/4/2014 9:33:47 AM - Scheduled Checkpoint
RP184: 12/5/2014 12:55:40 PM - Scheduled Checkpoint
RP185: 12/7/2014 3:56:40 PM - Scheduled Checkpoint
RP186: 12/9/2014 8:02:03 AM - Scheduled Checkpoint
RP187: 12/10/2014 12:00:04 AM - Scheduled Checkpoint
RP188: 12/10/2014 8:12:55 PM - Scheduled Checkpoint
RP189: 12/11/2014 6:07:02 PM - Scheduled Checkpoint
RP190: 12/14/2014 7:55:53 AM - Scheduled Checkpoint
RP191: 12/23/2014 12:21:09 AM - Scheduled Checkpoint
RP192: 12/24/2014 12:19:47 AM - Scheduled Checkpoint
RP193: 12/25/2014 12:00:12 AM - Scheduled Checkpoint
RP194: 12/26/2014 4:12:32 AM - Scheduled Checkpoint
RP195: 12/27/2014 8:23:10 AM - Scheduled Checkpoint
RP196: 12/29/2014 3:00:42 AM - Scheduled Checkpoint
RP197: 12/30/2014 12:00:32 AM - Scheduled Checkpoint
RP198: 12/31/2014 12:23:56 AM - Scheduled Checkpoint
RP199: 1/1/2015 12:24:23 AM - Scheduled Checkpoint
RP200: 1/1/2015 3:12:51 AM - Device Driver Package Install: HTC Corporation Ports (COM & LPT)
RP201: 1/1/2015 3:13:26 AM - Device Driver Package Install: HTC Corporation Modems
RP202: 1/1/2015 3:15:36 AM - Device Driver Package Install: HTC, Corporation
RP204: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Corporation Network adapters
RP203: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Network Protocol
RP205: 1/1/2015 3:19:25 AM - Device Driver Package Install: HTC Corporation Portable Devices
RP206: 1/1/2015 3:21:29 AM - Installed HTC Sync.
RP207: 1/2/2015 12:00:32 AM - Scheduled Checkpoint
RP208: 1/3/2015 6:49:36 AM - Scheduled Checkpoint
RP209: 1/4/2015 6:47:08 AM - Scheduled Checkpoint
RP210: 1/5/2015 10:04:45 AM - Scheduled Checkpoint
RP211: 1/6/2015 12:00:22 AM - Scheduled Checkpoint
RP212: 1/7/2015 12:32:08 AM - Scheduled Checkpoint
RP213: 1/8/2015 12:31:55 AM - Scheduled Checkpoint
RP214: 1/9/2015 1:49:00 AM - Scheduled Checkpoint
RP215: 1/10/2015 12:25:01 AM - Scheduled Checkpoint
RP216: 1/11/2015 12:41:43 AM - Scheduled Checkpoint
RP217: 1/12/2015 4:03:36 AM - Scheduled Checkpoint
RP218: 1/13/2015 12:00:27 AM - Scheduled Checkpoint
RP219: 1/14/2015 12:00:23 AM - Scheduled Checkpoint
RP273: 1/15/2015 12:19:08 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP220: 1/15/2015 9:58:55 PM - Installed HiJackThis
RP221: 1/16/2015 3:28:46 PM - Scheduled Checkpoint
RP222: 1/17/2015 5:52:16 PM - Tweaking.com - Windows Repair
RP223: 1/17/2015 7:46:31 PM - Restore Operation
RP224: 1/17/2015 8:31:45 PM - Tweaking.com - Windows Repair
RP225: 1/18/2015 10:31:46 AM - avast! antivirus system restore point
RP226: 1/19/2015 4:56:40 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 16 NPAPI
Avast Free Antivirus
File Association Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IPTInstaller
Lineage II
Live Update 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Mozilla Firefox 35.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
NCH Tone Generator
NCSOFT Game Launcher
PDFlite 1.0.0.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
Search-Protect
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
System Requirements Lab for Intel
TNT2-11075 Toolbar
Tweaking.com - Windows Repair (All in One)
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.3
WavePad Sound Editor
Windows Sound Schemes
.
==== Event Viewer Messages From Past Week ========
.
1/19/2015 5:10:28 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
1/19/2015 4:15:09 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The operating system is not presently configured to run this application.
1/19/2015 4:13:31 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/17/2015 9:04:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/17/2015 8:44:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00242151589A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/17/2015 5:43:28 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942405. User Action: restart task scheduler service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/16/2015 1:54:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
1/15/2015 9:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/15/2015 9:44:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/14/2015 11:36:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:31:51 PM on 1/14/2015 was unexpected.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Hi, thanks for the help. MBAR says I need to restart to load DDA driver, so I'm posting RogueKiller log now.
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Shake [Administrator]
Mode : Delete -- Date : 01/21/2015 17:28:51

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] hh.exe(4940) -- C:\Windows\hh.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 26 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\RK_ogahm_ON_D_BFE3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\RK_ogahm_ON_D_BFE3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d52b6c94ab88eb597a626c558ef066dd
[BSP] 032aa462bf6135e663515264a45430ec : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2097151 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] abfb3e90302b99f36625230530d60ca6
[BSP] b3e6f15bc5b780c5389857b261735cee : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] b94225a5ee61e4b224745a8c3e6291cb
[BSP] e9bab177c34b1b6844ceea4adaced0ae : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01162015_125917.log - RKreport_SCN_01212015_171305.log
 
Hi, thanks for the help, had some issues running MBAR and had to uninstall MBAM.
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.01.22.01
rootkit: v2015.01.14.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Shake :: MASTERSHAKE [administrator]

1/21/2015 6:05:32 PM
mbar-log-2015-01-21 (18-05-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 335079
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Shake\AppData\Local\Temp\W.exe (Trojan.Downloader) -> Delete on reboot. [37324cae9eeb52e4282c36e19d671de3]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here is the log.
ComboFix 15-01-18.01 - Shake 01/21/2015 20:56:21.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.3807 [GMT -7:00]
Running from: c:\users\Shake\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-12-22 to 2015-01-22 )))))))))))))))))))))))))))))))
.
.
2015-01-22 04:06 . 2015-01-22 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-18 17:37 . 2015-01-18 17:37 -------- d-----w- c:\users\Shake\AppData\Roaming\AVAST Software
2015-01-18 17:35 . 2015-01-20 11:15 -------- d-----w- c:\program files\Google
2015-01-18 17:34 . 2015-01-20 11:15 -------- d-----w- c:\program files (x86)\Google
2015-01-18 17:34 . 2015-01-20 05:43 -------- d-----w- c:\users\Shake\AppData\Local\Google
2015-01-18 17:34 . 2015-01-18 17:34 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-01-18 17:34 . 2015-01-18 17:34 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-01-18 17:34 . 2015-01-18 17:34 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-01-18 17:34 . 2015-01-18 17:34 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 17:34 . 2015-01-18 17:36 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-01-18 17:34 . 2015-01-18 17:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-01-18 17:34 . 2015-01-18 17:33 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-01-18 17:34 . 2015-01-18 17:36 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-01-18 17:34 . 2015-01-18 17:34 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-01-18 17:33 . 2015-01-18 17:33 43152 ----a-w- c:\windows\avastSS.scr
2015-01-18 17:32 . 2015-01-18 17:32 -------- d-----w- c:\program files\AVAST Software
2015-01-18 17:29 . 2015-01-18 17:32 -------- d-----w- c:\programdata\AVAST Software
2015-01-18 03:59 . 2015-01-20 20:40 -------- d-----w- c:\windows\system32\catroot2
2015-01-18 03:43 . 2015-01-18 03:43 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-01-18 03:18 . 2015-01-09 09:07 73840 ----a-w- c:\program files (x86)\Mozilla Firefox\wow_helper.exe
2015-01-18 03:18 . 2015-01-09 09:06 915376 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2015-01-18 00:51 . 2015-01-18 00:51 -------- d-----w- C:\RegBackup
2015-01-17 23:47 . 2015-01-17 23:47 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-01-17 10:48 . 2015-01-17 10:49 -------- d-----w- c:\program files (x86)\Mozilla Firefox(1)
2015-01-16 21:01 . 2015-01-21 21:11 -------- d-----w- C:\FRST
2015-01-16 19:47 . 2015-01-22 00:01 -------- d-----w- c:\programdata\RogueKiller
2015-01-16 04:59 . 2015-01-16 04:59 -------- d-----w- c:\program files (x86)\Trend Micro
2015-01-16 04:46 . 2015-01-16 04:46 -------- d-----w- C:\$RECYCLE(0).BIN
2015-01-16 04:16 . 2015-01-16 20:16 -------- d-----w- c:\programdata\Malwarebytes
2015-01-16 04:16 . 2015-01-22 04:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\users\Shake\AppData\Roaming\WinPatrol
2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\programdata\InstallMate
2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\program files (x86)\Ruiware
2015-01-13 18:31 . 2015-01-13 18:31 -------- d-----w- c:\users\Shake\AppData\Roaming\JAM Software
2015-01-07 21:56 . 2015-01-07 22:44 -------- d-----w- c:\users\Shake\AppData\Local\Microsoft Games
2015-01-01 10:16 . 2015-01-22 00:53 -------- d-----w- c:\users\Shake\AppData\Local\Downloaded Installations
2015-01-01 10:15 . 2015-01-01 10:15 -------- d-----w- c:\program files (x86)\Spirent Communications
2015-01-01 10:12 . 2015-01-22 00:53 -------- d-----w- c:\program files (x86)\HTC
2015-01-01 10:12 . 2015-01-01 10:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-01-01 10:12 . 2015-01-01 10:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-12-23 08:34 . 2014-12-23 08:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC7E0793-0F11-4E1F-B761-72FC95696C96}\offreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-22 04:08 . 2014-05-12 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 04:08 . 2014-05-12 09:43 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-31 03:07 . 2014-10-31 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2014-10-27 20:32 . 2014-11-19 20:16 17870336 ----a-w- c:\windows\system32\mshtml.dll
2014-10-27 20:13 . 2014-11-19 20:16 2339840 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 20:12 . 2014-11-19 20:16 10921472 ----a-w- c:\windows\system32\ieframe.dll
2014-10-27 20:07 . 2014-11-19 20:16 1388032 ----a-w- c:\windows\system32\urlmon.dll
2014-10-27 20:06 . 2014-11-19 20:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 20:05 . 2014-11-19 20:16 1494016 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 20:05 . 2014-11-19 20:16 237056 ----a-w- c:\windows\system32\url.dll
2014-10-27 20:05 . 2014-11-19 20:16 86016 ----a-w- c:\windows\system32\jsproxy.dll
2014-10-27 20:04 . 2014-11-19 20:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 20:04 . 2014-11-19 20:16 2157056 ----a-w- c:\windows\system32\iertutil.dll
2014-10-27 20:04 . 2014-11-19 20:16 599040 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 20:04 . 2014-11-19 20:16 816640 ----a-w- c:\windows\system32\jscript.dll
2014-10-27 20:04 . 2014-11-19 20:16 729088 ----a-w- c:\windows\system32\msfeeds.dll
2014-10-27 20:04 . 2014-11-19 20:16 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-10-27 20:03 . 2014-11-19 20:16 282112 ----a-w- c:\windows\system32\dxtrans.dll
2014-10-27 20:03 . 2014-11-19 20:16 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-10-27 20:03 . 2014-11-19 20:16 11264 ----a-w- c:\windows\system32\msfeedssync.exe
2014-10-27 20:03 . 2014-11-19 20:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2014-10-27 20:03 . 2014-11-19 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 20:03 . 2014-11-19 20:16 12800 ----a-w- c:\windows\system32\mshta.exe
2014-10-27 20:03 . 2014-11-19 20:16 248320 ----a-w- c:\windows\system32\ieui.dll
2014-10-27 19:05 . 2014-11-19 20:16 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-10-27 18:59 . 2014-11-19 20:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2014-10-27 18:58 . 2014-11-19 20:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-10-27 18:56 . 2014-11-19 20:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-10-27 18:56 . 2014-11-19 20:16 421376 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-10-27 18:55 . 2014-11-19 20:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-10-27 18:55 . 2014-11-19 20:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LiveUpdate 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2014-03-05 322544]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-05-14 526240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-12-31 4997872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 17:33 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Toolbar-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
WebBrowser-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
AddRemove-ToneGen - c:\program files (x86)\NCH Software\ToneGen\tonegen.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2015-01-21 21:09:01
ComboFix-quarantined-files.txt 2015-01-22 04:09
ComboFix2.txt 2015-01-16 04:46
.
Pre-Run: 86,117,183,488 bytes free
Post-Run: 85,202,690,048 bytes free
.
- - End Of File - - DFA038D5B3031165358CEF9907088D54
5C616939100B85E558DA92B899A0FC36
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Posting now so as not to lose the reports while running Farbar; will post the Farbar report in a minute.
# AdwCleaner v4.108 - Report created 22/01/2015 at 01:46:54
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.2 [Live]
# Operating System : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Username : Shake - MASTERSHAKE
# Running from : C:\Users\Shake\Downloads\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\NCH Software
[!] Folder Deleted : C:\Program Files (x86)\FileAssociationManager
[!] Folder Deleted : C:\Program Files (x86)\NCH Software
[!] Folder Deleted : C:\Users\Shake\AppData\Roaming\FileAssociationManager
[!] Folder Deleted : C:\Users\Shake\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

Task Deleted : FileAssociationManagerUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\AppDataLow\Software\Safer-Surf

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3493 octets] - [15/06/2014 19:17:04]
AdwCleaner[R1].txt - [3537 octets] - [14/07/2014 19:04:53]
AdwCleaner[R2].txt - [1467 octets] - [22/01/2015 01:43:59]
AdwCleaner[S0].txt - [3451 octets] - [15/06/2014 19:18:08]
AdwCleaner[S1].txt - [3565 octets] - [14/07/2014 19:10:50]
AdwCleaner[S2].txt - [1386 octets] - [22/01/2015 01:46:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1446 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows (TM) Vista Ultimate x64
Ran by Shake on Thu 01/22/2015 at 1:57:11.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Shake\AppData\Roaming\mozilla\firefox\profiles\bxglrmeu.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 2:04:56.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Shake (administrator) on MASTERSHAKE on 22-01-2015 02:11:16
Running from C:\Users\Shake\Downloads
Loaded Profiles: Shake (Available profiles: Shake)
Platform: Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Thisisu) C:\Users\Shake\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Farbar) C:\Users\Shake\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [LiveUpdate 5] => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [322544 2014-03-05] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-05-14] (NCSOFT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-18] (AVAST Software)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> {85157EC9-F09F-46DE-86FC-D2093E74E663} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11075
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - No File
Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-18]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2015-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-18] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2015-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-18] ()
S1 Beep; No ImagePath
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [912896 2010-09-20] (Hauppauge Computer Works, Inc)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-21] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Shake\AppData\Local\Temp\mfe_rr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 02:11 - 2015-01-22 02:11 - 00009418 _____ () C:\Users\Shake\Downloads\FRST.txt
2015-01-22 02:08 - 2015-01-22 02:08 - 02126848 _____ (Farbar) C:\Users\Shake\Downloads\FRST64(1).exe
2015-01-22 02:04 - 2015-01-22 02:04 - 00000769 _____ () C:\Users\Shake\Desktop\JRT.txt
2015-01-22 01:57 - 2015-01-22 01:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-22 01:55 - 2015-01-22 01:55 - 01707939 _____ (Thisisu) C:\Users\Shake\Downloads\JRT.exe
2015-01-22 01:43 - 2015-01-22 01:43 - 02186752 _____ () C:\Users\Shake\Downloads\adwcleaner_4.108.exe
2015-01-21 21:09 - 2015-01-21 21:09 - 00011127 _____ () C:\ComboFix.txt
2015-01-21 20:49 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 20:49 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 20:49 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 20:49 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 20:49 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 20:49 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 20:49 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 20:49 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 20:48 - 2015-01-21 21:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 20:46 - 2015-01-21 20:46 - 05608785 ____R (Swearware) C:\Users\Shake\Downloads\ComboFix.exe
2015-01-21 17:58 - 2015-01-21 18:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 17:58 - 2015-01-21 18:31 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 17:53 - 2015-01-21 17:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-21 17:33 - 2015-01-21 17:33 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Shake\Downloads\mbar-1.08.3.1004(1).exe
2015-01-21 17:01 - 2015-01-21 17:01 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-21 17:00 - 2015-01-21 17:00 - 15431256 _____ () C:\Users\Shake\Downloads\RogueKiller.exe
2015-01-21 16:50 - 2015-01-21 19:04 - 00010302 _____ () C:\Users\Shake\Downloads\SystemLook.txt
2015-01-21 16:49 - 2015-01-21 16:49 - 00096256 _____ () C:\Users\Shake\Downloads\SystemLook_x64.exe
2015-01-21 16:10 - 2015-01-21 16:10 - 00010511 _____ () C:\Users\Shake\Downloads\MBAMScan.txt
2015-01-21 15:58 - 2015-01-21 15:59 - 00010511 _____ () C:\MBAMScan.txt
2015-01-21 15:47 - 2015-01-21 15:47 - 109640712 _____ (Sophos Limited) C:\Users\Shake\Downloads\Sophos Virus Removal Tool(1).exe
2015-01-21 15:43 - 2015-01-21 15:43 - 00380416 _____ () C:\Users\Shake\Downloads\9nxl45cf.exe
2015-01-21 15:25 - 2015-01-21 15:25 - 05198336 _____ (AVAST Software) C:\Users\Shake\Downloads\aswMBR(1).exe
2015-01-21 15:05 - 2015-01-21 15:05 - 00000000 ____D () C:\Users\Shake\Downloads\RootRepeal(1)
2015-01-21 15:04 - 2015-01-21 15:04 - 00000000 ____D () C:\Users\Shake\Downloads\RootkitRevealer
2015-01-21 15:02 - 2015-01-21 15:02 - 00000000 ____D () C:\Users\Shake\Downloads\TMRBLog
2015-01-21 15:00 - 2015-01-21 15:01 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150121_150052.log
2015-01-21 15:00 - 2015-01-21 15:00 - 08656400 _____ (Trend Micro Inc.) C:\Users\Shake\Downloads\RootkitBuster_v5_1061(1).exe
2015-01-21 15:00 - 2015-01-21 15:00 - 01020640 _____ () C:\Users\Shake\Downloads\antirootkit.exe
2015-01-21 15:00 - 2015-01-21 15:00 - 00783120 _____ (McAfee, Inc.) C:\Users\Shake\Downloads\rootkitremover(1).exe
2015-01-21 14:59 - 2015-01-21 14:59 - 00464491 _____ () C:\Users\Shake\Downloads\RootRepeal(1).zip
2015-01-21 14:59 - 2015-01-21 14:59 - 00231390 _____ () C:\Users\Shake\Downloads\RootkitRevealer.zip
2015-01-20 20:22 - 2015-01-20 20:22 - 00000017 _____ () C:\Users\Shake\Downloads\b0rscit0.bat
2015-01-20 19:14 - 2015-01-20 19:19 - 00177074 _____ () C:\TDSSKiller.3.0.0.43_20.01.2015_19.14.03.txt
2015-01-20 19:13 - 2015-01-19 18:44 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\Shake\Downloads\TDSSKiller.exe
2015-01-20 19:06 - 2015-01-20 19:06 - 00380416 _____ () C:\Users\Shake\Downloads\b0rscit0.exe
2015-01-20 18:17 - 2015-01-20 18:20 - 00000000 ____D () C:\Users\Shake\Virustemp
2015-01-20 18:10 - 2015-01-20 18:11 - 00028507 _____ () C:\Users\Shake\Downloads\Addition201501201810.txt
2015-01-20 18:09 - 2015-01-20 18:15 - 00041262 _____ () C:\Users\Shake\Downloads\FRST201501201809.txt
2015-01-20 18:06 - 2015-01-20 18:06 - 02126848 _____ (Farbar) C:\Users\Shake\Downloads\FRST64.exe
2015-01-20 17:59 - 2015-01-20 17:59 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-20 17:57 - 2015-01-20 17:57 - 00001990 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-01-20 17:55 - 2015-01-20 17:55 - 00464491 _____ () C:\Users\Shake\Downloads\RootRepeal.zip
2015-01-20 17:54 - 2015-01-20 17:54 - 08656400 _____ (Trend Micro Inc.) C:\Users\Shake\Downloads\RootkitBuster_v5_1061.exe
2015-01-20 17:52 - 2015-01-20 17:52 - 109552400 _____ (Sophos Limited) C:\Users\Shake\Downloads\Sophos Virus Removal Tool.exe
2015-01-20 17:03 - 2015-01-20 17:03 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150120_170319.log
2015-01-20 09:57 - 2015-01-20 20:40 - 04738431 _____ () C:\Users\Shake\Downloads\CBS.log
2015-01-20 03:54 - 2015-01-20 03:54 - 00007422 _____ () C:\Users\Shake\Downloads\ESET SCAN 2015012003.txt
2015-01-20 01:34 - 2015-01-20 01:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shake\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 01:26 - 2015-01-20 01:26 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-20 01:25 - 2015-01-20 01:25 - 02347384 _____ (ESET) C:\Users\Shake\Downloads\esetsmartinstaller_enu.exe
2015-01-20 00:29 - 2015-01-20 00:29 - 00002412 _____ () C:\Users\Shake\Downloads\aswMBRScan201501192330.txt
2015-01-20 00:29 - 2015-01-20 00:29 - 00000512 _____ () C:\Users\Shake\Downloads\MBR.dat
2015-01-19 23:37 - 2015-01-19 23:38 - 05198336 _____ (AVAST Software) C:\Users\Shake\Downloads\aswMBR.exe
2015-01-19 23:35 - 2015-01-21 15:02 - 00000000 ____D () C:\Users\Shake\Pavark
2015-01-19 23:34 - 2015-01-19 23:34 - 00783120 _____ (McAfee, Inc.) C:\Users\Shake\Downloads\rootkitremover.exe
2015-01-19 23:34 - 2015-01-19 23:34 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150119_233412.log
2015-01-19 23:30 - 2015-01-19 23:30 - 01472131 _____ () C:\Users\Shake\Downloads\vba32arkit.zip
2015-01-19 23:30 - 2015-01-19 23:30 - 00000000 ____D () C:\Users\Shake\Downloads\vba32arkit
2015-01-19 23:18 - 2015-01-19 23:22 - 00010818 _____ () C:\Users\Shake\Downloads\Result.txt
2015-01-19 23:18 - 2015-01-19 23:18 - 00957952 _____ (Farbar) C:\Users\Shake\Downloads\ListParts64.exe
2015-01-19 23:01 - 2015-01-19 23:01 - 00000000 ____D () C:\Users\Shake\Downloads\ProcessExplorer
2015-01-19 21:30 - 2015-01-19 21:30 - 00001960 _____ () C:\Users\Shake\Desktop\HiJackThis.lnk
2015-01-19 21:30 - 2015-01-19 21:30 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-01-19 21:29 - 2015-01-19 21:29 - 01402880 _____ () C:\Users\Shake\Downloads\HiJackThis.msi
2015-01-19 21:26 - 2015-01-19 21:26 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Shake\Downloads\ADSSpy.exe
2015-01-19 19:34 - 2015-01-19 19:34 - 00000627 _____ () C:\Users\Shake\Desktop\Reports - Shortcut.lnk
2015-01-19 19:33 - 2015-01-19 19:33 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-19 19:24 - 2015-01-22 02:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-19 19:24 - 2015-01-19 19:24 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-01-19 19:24 - 2015-01-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-19 18:49 - 2015-01-19 18:51 - 172997016 _____ (Emsisoft Ltd. ) C:\Users\Shake\Downloads\EmsisoftAntiMalwareSetup.exe
2015-01-19 18:43 - 2015-01-19 18:44 - 00002458 _____ () C:\Users\Shake\Desktop\Rkill.txt
2015-01-19 18:42 - 2015-01-19 18:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Shake\Downloads\rkill.exe
2015-01-19 18:25 - 2015-01-19 18:25 - 00012757 _____ () C:\Users\Shake\Downloads\DDS.txt
2015-01-19 18:25 - 2015-01-19 18:25 - 00010792 _____ () C:\Users\Shake\Downloads\Attach.txt
2015-01-19 17:35 - 2015-01-19 17:35 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Shake\Downloads\mbar-1.08.3.1004.exe
2015-01-19 17:14 - 2015-01-19 17:15 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Google
2015-01-19 17:10 - 2015-01-19 17:10 - 00012757 _____ () C:\Users\Shake\Desktop\dds.txt
2015-01-19 17:10 - 2015-01-19 17:10 - 00010802 _____ () C:\Users\Shake\Desktop\attach.txt
2015-01-19 17:05 - 2015-01-19 17:05 - 00688992 ____R (Swearware) C:\Users\Shake\Downloads\dds.com
2015-01-18 10:38 - 2015-01-18 10:38 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000
2015-01-18 10:37 - 2015-01-18 10:37 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\AVAST Software
2015-01-18 10:36 - 2015-01-18 10:36 - 00001827 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-18 10:36 - 2015-01-18 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-18 10:35 - 2015-01-22 01:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 10:35 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files\Google
2015-01-18 10:34 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-18 10:34 - 2015-01-19 22:43 - 00000000 ____D () C:\Users\Shake\AppData\Local\Google
2015-01-18 10:34 - 2015-01-18 10:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-18 10:34 - 2015-01-18 10:36 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-18 10:34 - 2015-01-18 10:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-01-18 10:34 - 2015-01-18 10:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-18 10:34 - 2015-01-18 10:33 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-01-18 10:33 - 2015-01-18 10:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-18 10:32 - 2015-01-18 10:32 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-18 10:29 - 2015-01-18 10:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-18 10:29 - 2015-01-18 10:29 - 05006864 _____ (AVAST Software) C:\Users\Shake\Downloads\avast_free_antivirus_setup_online.exe
2015-01-17 20:31 - 2015-01-17 20:31 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERSHAKE-Microsoft®-Windows-Vista™-Ultimate-(64-bit).dat
2015-01-17 20:30 - 2015-01-17 20:30 - 00001994 _____ () C:\Users\Shake\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-01-17 20:30 - 2015-01-17 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-17 20:29 - 2015-01-17 20:29 - 09842552 _____ () C:\Users\Shake\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-01-17 20:17 - 2015-01-17 20:17 - 00243416 _____ () C:\Users\Shake\Downloads\Firefox Setup Stub 35.0.exe
2015-01-17 17:51 - 2015-01-17 17:51 - 00000000 ____D () C:\RegBackup
2015-01-17 16:47 - 2015-01-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-17 03:48 - 2015-01-17 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox(1)
2015-01-16 14:05 - 2015-01-17 12:55 - 00024280 _____ () C:\Users\Shake\Downloads\Addition201501161402.txt
2015-01-16 14:04 - 2015-01-17 12:54 - 00021393 _____ () C:\Users\Shake\Downloads\FRST201501161404.txt
2015-01-16 14:01 - 2015-01-22 02:11 - 00000000 ____D () C:\FRST
2015-01-16 12:47 - 2015-01-21 17:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-16 12:32 - 2015-01-16 12:32 - 00465298 _____ () C:\Users\Shake\Downloads\RootRepeal.rar
2015-01-15 21:59 - 2015-01-15 21:59 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-01-15 21:46 - 2015-01-15 21:46 - 00000000 ____D () C:\$RECYCLE(0).BIN
2015-01-15 21:38 - 2015-01-21 21:09 - 00000000 ____D () C:\Qoobox
2015-01-15 21:16 - 2015-01-22 01:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-15 21:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 21:15 - 2015-01-21 21:04 - 00000000 ____D () C:\Users\Shake\Desktop\mbar
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\WinPatrol
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\JAM Software
2015-01-07 14:56 - 2015-01-07 15:44 - 00000000 ____D () C:\Users\Shake\AppData\Local\Microsoft Games
2015-01-01 03:43 - 2015-01-01 03:43 - 00000000 ____D () C:\Users\Shake\Documents\My Photos
2015-01-01 03:23 - 2015-01-01 03:23 - 00003534 _____ () C:\Windows\System32\Tasks\Launch HTC Sync Loader
2015-01-01 03:16 - 2015-01-21 17:53 - 00000000 ____D () C:\Users\Shake\AppData\Local\Downloaded Installations
2015-01-01 03:15 - 2015-01-01 03:20 - 00010544 _____ () C:\Windows\DPINST.LOG
2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2015-01-01 03:12 - 2015-01-21 17:53 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 03:04 - 2015-01-01 03:06 - 165708080 _____ (HTC Corporation ) C:\Users\Shake\Downloads\setup_3.3.63.exe
2015-01-01 03:00 - 2015-01-01 03:01 - 95270347 _____ (HTC_WWE ) C:\Users\Shake\Downloads\AQUA_Cingular_US_634526440942972924_01_131968_Commercial.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 01:58 - 2014-08-16 10:27 - 00000000 ____D () C:\Users\Shake\AppData\Local\CrashDumps
2015-01-22 01:56 - 2008-02-06 02:04 - 01599190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 01:56 - 2008-02-06 02:03 - 00690954 _____ () C:\Windows\system32\perfh019.dat
2015-01-22 01:56 - 2008-02-06 02:03 - 00143506 _____ () C:\Windows\system32\perfc019.dat
2015-01-22 01:54 - 2008-01-20 18:53 - 01759420 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 01:51 - 2006-11-02 08:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 01:51 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 01:51 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 01:51 - 2006-11-02 08:06 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-22 01:50 - 2006-11-02 08:39 - 00059036 _____ () C:\Windows\PFRO.log
2015-01-22 01:48 - 2006-11-02 08:40 - 00025864 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 01:46 - 2014-06-15 19:16 - 00000000 ____D () C:\AdwCleaner
2015-01-21 21:09 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2015-01-21 21:06 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 18:19 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\MSAgent64
2015-01-20 19:12 - 2014-08-01 21:15 - 04168247 _____ () C:\Users\Shake\Downloads\tdsskiller.zip
2015-01-20 18:17 - 2014-05-11 05:20 - 00000000 ____D () C:\Users\Shake
2015-01-19 22:08 - 2014-10-08 11:47 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Awesomium
2015-01-17 21:00 - 2014-05-11 05:23 - 00049168 _____ () C:\Users\Shake\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 20:58 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 20:58 - 2006-11-02 08:21 - 00236768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 20:49 - 2006-11-02 05:34 - 00000180 _____ () C:\Windows\win.ini
2015-01-17 20:43 - 2014-05-13 04:59 - 01599190 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-17 20:18 - 2014-12-08 15:20 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-17 20:18 - 2014-12-08 15:20 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 20:18 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 19:57 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-01-17 19:55 - 2014-11-24 19:22 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-17 19:55 - 2014-09-30 14:21 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.2014.WEBRip.CAMAUDIO.XviD-AQOS
2015-01-17 19:55 - 2014-09-30 01:51 - 00000000 ____D () C:\Users\Shake\Downloads\Good.People.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-30 01:50 - 00000000 ____D () C:\Users\Shake\Downloads\What.If.2013.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.For.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Kite.2014.BRRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-30 01:27 - 00000000 ____D () C:\Users\Shake\Downloads\Falcon.Rising.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\White.Bird.in.a.Blizzard.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Run.Like.Hell.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Are.You.Here.2013.HDRip.XViD.AC3-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 01:33 - 00000000 ____D () C:\Users\Shake\Downloads\Transformers.Age.of.Extinction.2014.HDRip.XViD.AC3-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 01:12 - 00000000 ____D () C:\Users\Shake\Downloads\The.Giver.2014.REPACK.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-23 01:04 - 00000000 ____D () C:\Users\Shake\Downloads\American.Muscle.2014.DVDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 01:03 - 00000000 ____D () C:\Users\Shake\Downloads\7500.2014.BRRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 01:00 - 00000000 ____D () C:\Users\Shake\Downloads\Honeymoon.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 00:56 - 00000000 ____D () C:\Users\Shake\Downloads\Life.of.Crime.2013.HDRip.XViD.AC3-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 00:52 - 00000000 ____D () C:\Users\Shake\Downloads\Operation.Rogue.2014.DVDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 00:49 - 00000000 ____D () C:\Users\Shake\Downloads\The.Raid.2.2014.BDRip.x264-GECKOS[rarbg]
2015-01-17 19:55 - 2014-09-23 00:34 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-23 00:31 - 00000000 ____D () C:\Users\Shake\Downloads\The.Rover.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-23 00:29 - 00000000 ____D () C:\Users\Shake\Downloads\bp-towdvds
2015-01-17 19:55 - 2014-09-23 00:28 - 00000000 ____D () C:\Users\Shake\Downloads\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB
2015-01-17 19:55 - 2014-09-23 00:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Longest.Week.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-23 00:24 - 00000000 ____D () C:\Users\Shake\Downloads\Live.Nude.Girls.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-23 00:17 - 00000000 ____D () C:\Users\Shake\Downloads\RoboCop (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-23 00:03 - 00000000 ____D () C:\Users\Shake\Downloads\Chef.2014.HDRip.XViD.AC3-j****[ETRG]
2015-01-17 19:55 - 2014-09-22 23:50 - 00000000 ____D () C:\Users\Shake\Downloads\Batman.Assault.on.Arkham.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\Third.Person.2013.BRRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\The.Hornet's.Nest.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\The Lego Movie (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Oculus [2013] HDRip XViD j****[ETRG]
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Into.The.Storm.2014.FIRST.CAM.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Boyhood.2014.720p.WEBRip.HC.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Expendables.3.2014.DVDSCR.Xvid-DiNGO
2015-01-17 19:55 - 2014-09-22 23:09 - 00000000 ____D () C:\Users\Shake\Downloads\The.November.Man.2014.HC.WEBRip.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Reclaim.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Lost.Time.2014.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Dawn.Of.The.Planet.Of.The.Apes.2014.TS.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 23:00 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.1080p.WEBRip.HC.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 22:22 - 00000000 ____D () C:\Users\Shake\Downloads\The.Signal.2014.HDRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-09-22 22:21 - 00000000 ____D () C:\Users\Shake\Downloads\The.Captive.2014.DVDRip.XviD-EVO
2015-01-17 19:55 - 2014-09-22 22:05 - 00000000 ____D () C:\Users\Shake\Downloads\The.Prince.2014.HDRip.XviD-AQOS
2015-01-17 19:55 - 2014-09-22 22:04 - 00000000 ____D () C:\Users\Shake\Downloads\No.Good.Deed.2014.FIRST.CAM.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Transcendence (2014) DVDRip XviD-MAXSPEED
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\The.Inbetweeners.2.2014.HDRip.XviD.MP3-RARBG
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Moms.Night.Out.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Lets.Be.Cops.2014.CAM.CLEAN.NOSUBS.X264.AAC-RARBG
2015-01-17 19:55 - 2014-09-02 03:51 - 00000000 ____D () C:\Users\Shake\Downloads\Begin.Again.2013.HDRip.XviD.AC3-EVO
2015-01-17 19:55 - 2014-06-30 16:40 - 00000000 ____D () C:\Users\Shake\Downloads\Under.the.Skin.2013.HDRip.XViD.j****[ETRG]
2015-01-17 19:55 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Shake\Downloads\They.Came.Together.2014.HDRip.XViD.j****[ETRG]
2015-01-17 19:55 - 2014-06-23 21:10 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\dvdcss
2015-01-17 19:55 - 2014-06-23 20:58 - 00000000 ____D () C:\Users\Shake\Downloads\Swelter.2014.BRRip.XViD-j****[ETRG]
2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\The Fault In Our Stars 2014 CAM READNFO XViD-BL4CKP34RL
2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\bp-bmwsa
2015-01-17 19:55 - 2014-06-18 07:49 - 00000000 ____D () C:\Users\Shake\Downloads\X-Men.Days.Of.Future.Past.2014.HD-TS.XVID.AC3.HQ.Hive-CM8
2015-01-17 19:55 - 2014-06-18 07:13 - 00000000 ____D () C:\Users\Shake\Downloads\A.Fighting.Man.2014.HDRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-06-18 07:05 - 00000000 ____D () C:\Users\Shake\Downloads\The Immigrant [2014] BDRip XviD-SaM[ETG]
2015-01-17 19:55 - 2014-06-18 07:00 - 00000000 ____D () C:\Users\Shake\Downloads\Mr. Peabody & Sherman[2014] HC HDRip XViD j****[ETRG]
2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Enemy.2013.LIMITED.BRRip.XviD-SaM[ETRG]
2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Anchorman 2 The Legend Continues [2013] HDRip XViD j****[ETRG]
2015-01-17 19:55 - 2014-06-17 00:39 - 00000000 ____D () C:\Users\Shake\Downloads\Edge of Tomorrow 2014 TS x264 AC3 TiTAN
2015-01-17 19:55 - 2014-06-12 06:22 - 00000000 ____D () C:\Users\Shake\Downloads\Louie.S04E03.720p.HDTV.x264-KILLERS[rarbg]
2015-01-17 19:55 - 2014-06-11 14:04 - 00000000 ____D () C:\Users\Shake\Downloads\Louie Season 2 Complete 720p
2015-01-17 19:55 - 2014-06-11 03:45 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\uTorrent
2015-01-17 19:55 - 2014-05-14 23:40 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\vlc
2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 19:55 - 2006-11-02 08:06 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-17 19:55 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\spool
2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\software_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\components_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 19922944 _____ () C:\Windows\system32\config\system_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 01572864 _____ () C:\Windows\system32\config\default_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\registration
2015-01-16 13:52 - 2006-11-02 08:15 - 00000000 ____D () C:\Windows\WindowsMobile
2015-01-15 22:23 - 2014-05-23 16:43 - 00000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
2015-01-15 14:05 - 2014-05-14 15:40 - 00007578 _____ () C:\Users\Shake\Documents\Bills Paid.txt
2015-01-15 01:15 - 2014-05-23 16:47 - 00324667 _____ () C:\Users\Shake\AppData\Local\census.cache
2015-01-15 01:15 - 2014-05-23 16:47 - 00198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
2015-01-13 10:48 - 2014-05-11 14:39 - 00020569 _____ () C:\Windows\DirectX.log
2015-01-01 03:34 - 2006-11-02 08:26 - 00074418 _____ () C:\Windows\setupact.log
2015-01-01 03:12 - 2014-05-12 02:43 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Adobe
2015-01-01 03:12 - 2014-05-12 02:42 - 00000000 ____D () C:\Users\Shake\AppData\Local\Adobe
2014-12-31 18:53 - 2014-11-24 18:48 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software

==================== Files in the root of some directories =======
2014-05-23 16:47 - 2015-01-15 01:15 - 0198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
2014-05-23 16:47 - 2015-01-15 01:15 - 0324667 _____ () C:\Users\Shake\AppData\Local\census.cache
2014-05-11 05:22 - 2014-05-11 05:38 - 0000732 _____ () C:\Users\Shake\AppData\Local\d3d9caps64.dat
2014-05-11 05:41 - 2014-07-01 00:34 - 0025600 _____ () C:\Users\Shake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 20:07 - 2014-10-30 20:07 - 0966992 _____ () C:\Users\Shake\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI04E5.txt
2014-10-30 19:57 - 2014-10-30 20:03 - 0129226 _____ () C:\Users\Shake\AppData\Local\dd_depcheck_VCS_EXP_100.txt
2014-10-30 20:02 - 2014-10-30 20:02 - 0350996 _____ () C:\Users\Shake\AppData\Local\dd_dw20shared_x86_msi0135.txt
2014-10-30 19:57 - 2014-10-30 19:57 - 0000002 _____ () C:\Users\Shake\AppData\Local\dd_error_vcs_xcor_100.txt
2014-10-30 20:07 - 2014-10-30 20:07 - 0339476 _____ () C:\Users\Shake\AppData\Local\dd_HelpSetup_MSI0519.txt
2014-10-30 19:57 - 2014-10-30 20:08 - 0564352 _____ () C:\Users\Shake\AppData\Local\dd_install_vcs_xcor_100.txt
2014-10-30 20:03 - 2014-10-30 20:03 - 1540754 _____ () C:\Users\Shake\AppData\Local\dd_netfx_dtp0220.txt
2014-10-30 20:06 - 2014-10-30 20:07 - 1632638 _____ () C:\Users\Shake\AppData\Local\dd_SharedManagementObjects_MSI047D.txt
2014-10-30 20:06 - 2014-10-30 20:06 - 0213308 _____ () C:\Users\Shake\AppData\Local\dd_SQLCEToolsForVS2007_MSI043B.txt
2014-10-30 20:06 - 2014-10-30 20:06 - 0500828 _____ () C:\Users\Shake\AppData\Local\dd_SQLSysClrTypes_msi044C.txt
2014-10-30 20:05 - 2014-10-30 20:06 - 0688896 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_64_MSI0407.txt
2014-10-30 20:05 - 2014-10-30 20:05 - 0712880 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_MSI03C9.txt
2014-06-15 19:04 - 2014-06-15 19:05 - 0436724 _____ () C:\Users\Shake\AppData\Local\dd_vcredistMSI04CA.txt
2014-06-15 19:04 - 2014-06-15 19:05 - 0015590 _____ () C:\Users\Shake\AppData\Local\dd_vcredistUI04CA.txt
2014-10-30 20:02 - 2014-10-30 20:03 - 0467036 _____ () C:\Users\Shake\AppData\Local\dd_VC_Red_MSI0187.txt
2014-10-30 20:02 - 2014-10-30 20:02 - 0340340 _____ () C:\Users\Shake\AppData\Local\dd_vc_runtime_x64_msi016D.txt
2014-10-30 20:03 - 2014-10-30 20:03 - 1291236 _____ () C:\Users\Shake\AppData\Local\dd_vsexpbsln64_10001EF.txt
2014-10-30 20:03 - 2014-10-30 20:05 - 13196158 _____ () C:\Users\Shake\AppData\Local\dd_VSMsiLog0279.txt
2014-05-23 16:21 - 2014-05-23 16:21 - 0000036 _____ () C:\Users\Shake\AppData\Local\housecall.guid.cache
2014-05-23 16:43 - 2015-01-15 22:23 - 0000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
2014-10-30 19:57 - 2014-10-30 20:08 - 0005278 _____ () C:\Users\Shake\AppData\Local\uxeventlog.txt
2014-05-14 05:09 - 2014-05-14 05:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Shake\AppData\Local\Temp\Quarantine.exe
C:\Users\Shake\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-22 01:57

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Shake at 2015-01-22 02:12:00
Running from C:\Users\Shake\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.115 - MSI)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.12 - NCH Software)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.252.1109.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version: - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

01-05-2014 02:56:28 Scheduled Checkpoint
01-05-2014 23:00:08 Scheduled Checkpoint
03-05-2014 03:30:55 Scheduled Checkpoint
03-05-2014 23:14:55 Scheduled Checkpoint
04-05-2014 23:00:05 Scheduled Checkpoint
06-05-2014 22:41:46 Scheduled Checkpoint
08-05-2014 04:43:03 Scheduled Checkpoint
08-05-2014 23:01:05 Scheduled Checkpoint
10-05-2014 05:40:18 Scheduled Checkpoint
23-12-2014 00:21:09 Scheduled Checkpoint
24-12-2014 00:19:47 Scheduled Checkpoint
25-12-2014 00:00:12 Scheduled Checkpoint
26-12-2014 04:12:32 Scheduled Checkpoint
27-12-2014 08:23:10 Scheduled Checkpoint
29-12-2014 03:00:42 Scheduled Checkpoint
30-12-2014 00:00:32 Scheduled Checkpoint
31-12-2014 00:23:56 Scheduled Checkpoint
01-01-2015 00:24:23 Scheduled Checkpoint
01-01-2015 03:12:51 Device Driver Package Install: HTC Corporation Ports (COM & LPT)
01-01-2015 03:13:26 Device Driver Package Install: HTC Corporation Modems
01-01-2015 03:15:36 Device Driver Package Install: HTC, Corporation
01-01-2015 03:16:46 Device Driver Package Install: HTC Corporation Network adapters
01-01-2015 03:16:46 Device Driver Package Install: HTC Network Protocol
01-01-2015 03:19:25 Device Driver Package Install: HTC Corporation Portable Devices
01-01-2015 03:21:29 Installed HTC Sync.
02-01-2015 00:00:32 Scheduled Checkpoint
03-01-2015 06:49:36 Scheduled Checkpoint
04-01-2015 06:47:08 Scheduled Checkpoint
05-01-2015 10:04:45 Scheduled Checkpoint
06-01-2015 00:00:22 Scheduled Checkpoint
07-01-2015 00:32:08 Scheduled Checkpoint
08-01-2015 00:31:55 Scheduled Checkpoint
09-01-2015 01:49:00 Scheduled Checkpoint
10-01-2015 00:25:01 Scheduled Checkpoint
11-01-2015 00:41:43 Scheduled Checkpoint
12-01-2015 04:03:36 Scheduled Checkpoint
13-01-2015 00:00:27 Scheduled Checkpoint
14-01-2015 00:00:23 Scheduled Checkpoint
15-01-2015 00:19:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
15-01-2015 21:58:55 Installed HiJackThis
16-01-2015 15:28:46 Scheduled Checkpoint
17-01-2015 17:52:16 Tweaking.com - Windows Repair
17-01-2015 19:46:31 Restore Operation
17-01-2015 20:31:45 Tweaking.com - Windows Repair
18-01-2015 10:31:46 avast! antivirus system restore point
19-01-2015 04:56:40 Scheduled Checkpoint
19-01-2015 21:30:10 Installed HiJackThis
20-01-2015 13:39:53 Scheduled Checkpoint
20-01-2015 17:56:48 Installed Sophos Virus Removal Tool.
21-01-2015 17:52:00 Removed HTC Sync.
21-01-2015 18:15:04 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2015-01-17 20:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BC4EB4F-626F-4DB9-9895-761249E8144F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {5EF69DC2-D525-489E-A524-2089CC814281} - System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000 => Firefox.exe
Task: {66DBF1DB-CACD-4CB1-BADF-FF1499AC9FF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2008-06-03 02:35 - 2008-06-03 02:35 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2014-05-14 23:01 - 2013-08-26 05:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2015-01-01 03:16 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-01-22 01:53 - 2015-01-22 01:53 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012201\algo.dll
2015-01-18 10:33 - 2015-01-18 10:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 15:20 - 2015-01-09 02:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-21 21:04 - 2014-12-21 21:08 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60070219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60070219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1027772261-2917165354-2662933974-500 - Administrator - Disabled)
Guest (S-1-5-21-1027772261-2917165354-2662933974-501 - Limited - Disabled)
Shake (S-1-5-21-1027772261-2917165354-2662933974-1000 - Administrator - Enabled) => C:\Users\Shake

==================== Faulty Device Manager Devices =============

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-01-22 02:11:53.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-22 02:11:53.386
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-22 02:11:53.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-22 02:11:53.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 20:56:42.232
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 20:56:42.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 20:56:41.856
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 20:56:41.686
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 18:35:46.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-21 18:35:46.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 6133.2 MB
Available physical RAM: 4471.49 MB
Total Pagefile: 10432.74 MB
Available Pagefile: 8319.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2048 GB) (Free:86.87 GB) NTFS
Drive d: () (Fixed) (Total:1397.26 GB) (Free:34.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:149.05 GB) (Free:11.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 2794.5 GB) (Disk ID: 70177B72)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 4E3F0AC9)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1BE2A512)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachment: fixlist.txt (1,000 bytes)

Issues still remain.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Shake at 2015-01-22 13:51:28 Run:3
Running from C:\Users\Shake\Downloads
Loaded Profiles: Shake (Available profiles: Shake)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - No File
Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S1 Beep; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MFE_RR; \??\C:\Users\Shake\AppData\Local\Temp\mfe_rr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Shake\AppData\Local\Temp\Quarantine.exe
C:\Users\Shake\AppData\Local\Temp\sqlite3.dll
C:\Windows\System32\atiumdag.dll
C:\Windows\System32\atiumdva.dll

*****************

"HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} => Key not found.
HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Beep => Service deleted successfully.
IpInIp => Service deleted successfully.
MFE_RR => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
"C:\Users\Shake\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Shake\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
C:\Windows\System32\atiumdag.dll => Moved successfully.
C:\Windows\System32\atiumdva.dll => Moved successfully.

==== End of Fixlog 13:51:28 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
TFC ran fine. Note: it rebooted without warning; just wanted you to know.
Sophos found some stuff, but it's all very old backup stuff of kids games and actually some virus removal tools.
I don't know if this helps, but I have a parallel load of Windows Vista (32 bit) loaded on this machine. Perhaps scanning from that load would give us some different options?

Farbar Service Scanner Version: 17-01-2015
Ran by Shake (administrator) on 22-01-2015 at 15:01:48
Running from "C:\Users\Shake\Downloads"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

2015-01-21 00:59:32.920 Sophos Virus Removal Tool version 2.5.4
2015-01-21 00:59:32.921 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-21 00:59:32.921 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-21 00:59:32.921 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
2015-01-21 00:59:32.921 Checking for updates...
2015-01-21 00:59:41.642 Option all = no
2015-01-21 00:59:41.642 Option recurse = yes
2015-01-21 00:59:41.642 Option archive = no
2015-01-21 00:59:41.643 Option service = yes
2015-01-21 00:59:41.643 Option confirm = yes
2015-01-21 00:59:41.643 Option sxl = yes
2015-01-21 00:59:41.644 Option max-data-age = 35
2015-01-21 00:59:41.644 Option EnableSafeClean = yes
2015-01-21 00:59:43.549 Option vdl-logging = yes
2015-01-21 00:59:43.603 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-21 00:59:43.603 Machine ID: 78c1b8c441544700a605f6a48d8daab2
2015-01-21 00:59:43.605 Component SVRTcli.exe version 2.5.4
2015-01-21 00:59:43.606 Component control.dll version 2.5.4
2015-01-21 00:59:43.606 Component SVRTservice.exe version 2.5.4
2015-01-21 00:59:43.606 Component engine\osdp.dll version 1.44.1.2183
2015-01-21 00:59:43.607 Component engine\veex.dll version 3.58.3.2183
2015-01-21 00:59:43.607 Component engine\savi.dll version 8.1.5.2183
2015-01-21 00:59:43.608 Component rkdisk.dll version 1.5.30.0
2015-01-21 00:59:43.609 Version info: Product version 2.5.4
2015-01-21 00:59:43.610 Version info: Detection engine 3.58.3
2015-01-21 00:59:43.610 Version info: Detection data 5.08
2015-01-21 00:59:43.610 Version info: Build date 11/11/2014
2015-01-21 00:59:43.610 Version info: Data files added 613
2015-01-21 00:59:43.610 Version info: Last successful update (not yet updated)
2015-01-21 00:59:46.664 Update progress: proxy server not available
2015-01-21 00:59:46.799 Update error: failed to read remote metadata (error 4)
Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml

2015-01-21 01:07:35.945 SafeClean bin directory is empty.
2015-01-21 01:07:35.945 Error level 0

2015-01-21 01:07:38.340 Scan cancelled by user.
2015-01-21 01:07:38.340

------------------------------------------------------------

2015-01-21 01:20:43.651 Sophos Virus Removal Tool version 2.5.4
2015-01-21 01:20:43.651 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-21 01:20:43.651 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-21 01:20:43.651 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
2015-01-21 01:20:43.652 Checking for updates...
2015-01-21 01:20:51.972 Option all = no
2015-01-21 01:20:51.972 Option recurse = yes
2015-01-21 01:20:51.972 Option archive = no
2015-01-21 01:20:51.972 Option service = yes
2015-01-21 01:20:51.972 Option confirm = yes
2015-01-21 01:20:51.972 Option sxl = yes
2015-01-21 01:20:51.974 Option max-data-age = 35
2015-01-21 01:20:51.974 Option EnableSafeClean = yes
2015-01-21 01:20:52.026 Option vdl-logging = yes
2015-01-21 01:20:52.031 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-21 01:20:52.031 Machine ID: 78c1b8c441544700a605f6a48d8daab2
2015-01-21 01:20:52.032 Component SVRTcli.exe version 2.5.4
2015-01-21 01:20:52.033 Component control.dll version 2.5.4
2015-01-21 01:20:52.033 Component SVRTservice.exe version 2.5.4
2015-01-21 01:20:52.033 Component engine\osdp.dll version 1.44.1.2183
2015-01-21 01:20:52.034 Component engine\veex.dll version 3.58.3.2183
2015-01-21 01:20:52.034 Component engine\savi.dll version 8.1.5.2183
2015-01-21 01:20:52.035 Component rkdisk.dll version 1.5.30.0
2015-01-21 01:20:52.035 Version info: Product version 2.5.4
2015-01-21 01:20:52.036 Version info: Detection engine 3.58.3
2015-01-21 01:20:52.036 Version info: Detection data 5.08
2015-01-21 01:20:52.036 Version info: Build date 11/11/2014
2015-01-21 01:20:52.036 Version info: Data files added 613
2015-01-21 01:20:52.036 Version info: Last successful update (not yet updated)
2015-01-21 01:20:57.793 Update progress: proxy server not available
2015-01-21 01:21:09.644 Downloading updates...
2015-01-21 01:21:09.647 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-21 01:21:09.647 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-21 01:21:09.647 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-21 01:21:11.692 Update progress: [I19463] Syncing product IDE509 177
2015-01-21 01:21:14.331 Installing updates...
2015-01-21 01:21:14.933 Error level 1
2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE510 179
2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE511 170
2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE512 92
2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE513 1
2015-01-21 01:22:03.400 Update successful
2015-01-21 01:22:13.842 Option all = no
2015-01-21 01:22:13.842 Option recurse = yes
2015-01-21 01:22:13.842 Option archive = no
2015-01-21 01:22:13.842 Option service = yes
2015-01-21 01:22:13.842 Option confirm = yes
2015-01-21 01:22:13.842 Option sxl = yes
2015-01-21 01:22:13.843 Option max-data-age = 35
2015-01-21 01:22:13.843 Option EnableSafeClean = yes
2015-01-21 01:22:13.898 Option vdl-logging = yes
2015-01-21 01:22:13.903 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-21 01:22:13.903 Machine ID: 78c1b8c441544700a605f6a48d8daab2
2015-01-21 01:22:13.904 Component SVRTcli.exe version 2.5.4
2015-01-21 01:22:13.905 Component control.dll version 2.5.4
2015-01-21 01:22:13.905 Component SVRTservice.exe version 2.5.4
2015-01-21 01:22:13.905 Component engine\osdp.dll version 1.44.1.2183
2015-01-21 01:22:13.906 Component engine\veex.dll version 3.58.3.2183
2015-01-21 01:22:13.906 Component engine\savi.dll version 8.1.5.2183
2015-01-21 01:22:13.907 Component rkdisk.dll version 1.5.30.0
2015-01-21 01:22:13.907 Version info: Product version 2.5.4
2015-01-21 01:22:13.907 Version info: Detection engine 3.58.3
2015-01-21 01:22:13.907 Version info: Detection data 5.08G
2015-01-21 01:22:13.907 Version info: Build date 11/11/2014
2015-01-21 01:22:13.907 Version info: Data files added 613
2015-01-21 01:22:13.908 Version info: Last successful update 1/20/2015 6:22:03 PM

2015-01-21 01:31:24.386 SafeClean bin directory is empty.
2015-01-21 01:31:24.386 Error level 0

2015-01-21 01:31:26.002 Scan cancelled by user.
2015-01-21 01:31:26.002

------------------------------------------------------------

2015-01-22 22:14:13.173 Sophos Virus Removal Tool version 2.5.4
2015-01-22 22:14:13.173 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-22 22:14:13.173 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-22 22:14:13.173 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
2015-01-22 22:14:13.173 Checking for updates...
2015-01-22 22:14:27.155 Update progress: proxy server not available
2015-01-22 22:14:30.863 Option all = no
2015-01-22 22:14:30.863 Option recurse = yes
2015-01-22 22:14:30.863 Option archive = no
2015-01-22 22:14:30.863 Option service = yes
2015-01-22 22:14:30.863 Option confirm = yes
2015-01-22 22:14:30.863 Option sxl = yes
2015-01-22 22:14:30.864 Option max-data-age = 35
2015-01-22 22:14:30.864 Option EnableSafeClean = yes
2015-01-22 22:14:30.983 Option vdl-logging = yes
2015-01-22 22:14:31.026 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-22 22:14:31.026 Machine ID: 78c1b8c441544700a605f6a48d8daab2
2015-01-22 22:14:31.063 Component SVRTcli.exe version 2.5.4
2015-01-22 22:14:31.063 Component control.dll version 2.5.4
2015-01-22 22:14:31.063 Component SVRTservice.exe version 2.5.4
2015-01-22 22:14:31.064 Component engine\osdp.dll version 1.44.1.2183
2015-01-22 22:14:31.064 Component engine\veex.dll version 3.58.3.2183
2015-01-22 22:14:31.064 Component engine\savi.dll version 8.1.5.2183
2015-01-22 22:14:31.078 Component rkdisk.dll version 1.5.30.0
2015-01-22 22:14:31.078 Version info: Product version 2.5.4
2015-01-22 22:14:31.079 Version info: Detection engine 3.58.3
2015-01-22 22:14:31.079 Version info: Detection data 5.08G
2015-01-22 22:14:31.080 Version info: Build date 11/11/2014
2015-01-22 22:14:31.080 Version info: Data files added 613
2015-01-22 22:14:31.080 Version info: Last successful update 1/20/2015 6:22:03 PM
2015-01-22 22:14:34.452 Downloading updates...
2015-01-22 22:14:34.458 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product IDE509 177
2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE510 179
2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE511 170
2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE512 105
2015-01-22 22:14:35.058 Installing updates...
2015-01-22 22:14:35.659 Error level 1
2015-01-22 22:14:36.113 Update progress: [I19463] Syncing product IDE513 1
2015-01-22 22:14:36.240 Update successful
2015-01-22 22:14:44.601 Option all = no
2015-01-22 22:14:44.602 Option recurse = yes
2015-01-22 22:14:44.602 Option archive = no
2015-01-22 22:14:44.602 Option service = yes
2015-01-22 22:14:44.602 Option confirm = yes
2015-01-22 22:14:44.602 Option sxl = yes
2015-01-22 22:14:44.603 Option max-data-age = 35
2015-01-22 22:14:44.603 Option EnableSafeClean = yes
2015-01-22 22:14:44.655 Option vdl-logging = yes
2015-01-22 22:14:44.693 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-22 22:14:44.693 Machine ID: 78c1b8c441544700a605f6a48d8daab2
2015-01-22 22:14:44.695 Component SVRTcli.exe version 2.5.4
2015-01-22 22:14:44.695 Component control.dll version 2.5.4
2015-01-22 22:14:44.695 Component SVRTservice.exe version 2.5.4
2015-01-22 22:14:44.696 Component engine\osdp.dll version 1.44.1.2183
2015-01-22 22:14:44.696 Component engine\veex.dll version 3.58.3.2183
2015-01-22 22:14:44.696 Component engine\savi.dll version 8.1.5.2183
2015-01-22 22:14:44.697 Component rkdisk.dll version 1.5.30.0
2015-01-22 22:14:44.697 Version info: Product version 2.5.4
2015-01-22 22:14:44.698 Version info: Detection engine 3.58.3
2015-01-22 22:14:44.698 Version info: Detection data 5.08G
2015-01-22 22:14:44.699 Version info: Build date 11/11/2014
2015-01-22 22:14:44.699 Version info: Data files added 626
2015-01-22 22:14:44.699 Version info: Last successful update 1/22/2015 3:14:36 PM

2015-01-22 22:34:15.675 Could not open C:\System Volume Information\{0b4694db-a279-11e4-a0d8-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.675 Could not open C:\System Volume Information\{1cc86690-9f34-11e4-b8b0-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.676 Could not open C:\System Volume Information\{23a9df20-9fcc-11e4-a24f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.677 Could not open C:\System Volume Information\{23a9df74-9fcc-11e4-a24f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.677 Could not open C:\System Volume Information\{2dc738ba-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.678 Could not open C:\System Volume Information\{2dc738cd-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.679 Could not open C:\System Volume Information\{2dc738ec-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.679 Could not open C:\System Volume Information\{2dc738ff-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.680 Could not open C:\System Volume Information\{2dc73934-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.680 Could not open C:\System Volume Information\{2dc73947-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.681 Could not open C:\System Volume Information\{2dc7395e-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.682 Could not open C:\System Volume Information\{2dc73971-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.682 Could not open C:\System Volume Information\{2dc739ba-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.683 Could not open C:\System Volume Information\{2dc739be-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.684 Could not open C:\System Volume Information\{2dc739c3-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.684 Could not open C:\System Volume Information\{2dc739c7-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.685 Could not open C:\System Volume Information\{2dc739cb-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.685 Could not open C:\System Volume Information\{2dc739cf-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.686 Could not open C:\System Volume Information\{2dc739d3-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.686 Could not open C:\System Volume Information\{2dc73a5b-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.687 Could not open C:\System Volume Information\{2dc73a93-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.688 Could not open C:\System Volume Information\{2dc73aa7-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.688 Could not open C:\System Volume Information\{2dc73ac5-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.689 Could not open C:\System Volume Information\{2dc73ad5-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.689 Could not open C:\System Volume Information\{2dc73af1-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.690 Could not open C:\System Volume Information\{2dc73b0d-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.691 Could not open C:\System Volume Information\{2dc73b2b-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.691 Could not open C:\System Volume Information\{2dc73b46-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.692 Could not open C:\System Volume Information\{2dc73b5c-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.692 Could not open C:\System Volume Information\{2dc73b81-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.693 Could not open C:\System Volume Information\{2dc73ba0-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.694 Could not open C:\System Volume Information\{2dc73bcb-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.694 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.695 Could not open C:\System Volume Information\{42b5e90e-9c8b-11e4-ab92-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.695 Could not open C:\System Volume Information\{45a20008-a1d2-11e4-a8cb-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.696 Could not open C:\System Volume Information\{83e83733-a095-11e4-8aac-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.696 Could not open C:\System Volume Information\{99bb777c-9dc1-11e4-8836-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.697 Could not open C:\System Volume Information\{b3491070-9ebd-11e4-9fc3-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.698 Could not open C:\System Volume Information\{c548093a-a0cc-11e4-90bf-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.698 Could not open C:\System Volume Information\{c54809ad-a0cc-11e4-90bf-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.699 Could not open C:\System Volume Information\{ec223072-9eaa-11e4-936e-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.699 Could not open C:\System Volume Information\{ec223076-9eaa-11e4-936e-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:34:15.700 Could not open C:\System Volume Information\{f569d800-a1b2-11e4-8e51-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 22:39:44.479 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-22 22:39:44.481 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-22 22:39:46.297 Could not open C:\Windows\System32\config\COMPONENTS
2015-01-22 22:39:46.340 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-01-22 22:39:46.353 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-22 22:39:46.355 Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-22 22:39:46.358 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-22 22:39:46.361 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-22 22:39:46.363 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-22 22:59:32.327 Could not open D:\Boot\BCD
2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file D:\Users\ogahm\Desktop\Win32kDiag.exe
2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\#Download\Ipswitch Wsftp Pro 2006 Plus Crack\WSFTP_Pro 2006 Keygen.exe
2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\#Download\Ipswitch Wsftp Pro 2006 Plus Crack\WSFTP_Pro 2006 Keygen.exe
2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:07:38.213 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\Documents and Settings\Administrator\Desktop\Nero\Nero5518crack.zip\Keygen.exe
2015-01-22 23:07:38.213 Disinfection not offered
2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file D:\Users\ogahm\Downloads\Adobe CS4 Master Collection\Adobe CS4 Keygen.exe
2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC\AP_V14.exe
2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC.zip
2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC.zip
2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\#TommyTemp\E\Documents and Settings\Thomas\Desktop\RealPlayer 8 Plus Key Generator.exe
2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:13:24.608 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL208.DOC (corrupt)
2015-01-22 23:13:24.726 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL223.DOC (corrupt)
2015-01-22 23:13:24.737 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL224.DOC (corrupt)
2015-01-22 23:13:24.750 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL225.DOC (corrupt)
2015-01-22 23:13:24.796 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL228.DOC (corrupt)
2015-01-22 23:13:24.833 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL230.DOC (corrupt)
2015-01-22 23:15:19.689 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\m56kgmIRC v5.6Keygen.zip\tno_mi56.exe
2015-01-22 23:15:19.689 Disinfection not offered
2015-01-22 23:15:19.831 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\m56kgmirc.zip\tno_mi56.exe
2015-01-22 23:15:19.831 Disinfection not offered
2015-01-22 23:15:20.095 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\mirc_5.6_and_above_keygen.zip\tno_mi56.exe
2015-01-22 23:15:20.095 Disinfection not offered
2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file D:\Users\ogahm\Downloads\Stuff from dadbasement (good stuff)\Windows XP SP2 Keygen + Key Changer + WGA Validation (1.4.389.0)\2) Windows Keygen\Keygen.exe
2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-01-22 23:37:37.695 Could not open E:\System Volume Information\{2e652b1a-9c7b-11e4-b622-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.695 Could not open E:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.696 Could not open E:\System Volume Information\{4f4fc20a-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.697 Could not open E:\System Volume Information\{4f4fc232-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.697 Could not open E:\System Volume Information\{4f4fc243-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.698 Could not open E:\System Volume Information\{4f4fc254-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.698 Could not open E:\System Volume Information\{6a742667-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.699 Could not open E:\System Volume Information\{6a742678-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.699 Could not open E:\System Volume Information\{6a742689-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.700 Could not open E:\System Volume Information\{6a74269a-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:37:37.700 Could not open E:\System Volume Information\{6a7426ab-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-22 23:51:23.608 The following items will be cleaned up:
2015-01-22 23:51:23.608 Mal/Emogen-Y
2015-01-22 23:51:23.608 Mal/KeyGen-M
2015-01-22 23:51:23.608 Troj/KeyGen-DP
2015-01-22 23:51:23.608 Mal/Generic-S
2015-01-22 23:51:23.608 Mal/Behav-053
2015-01-22 23:51:23.608 Mal/Bckdr-BE
2015-01-22 23:51:23.608 Mal/KeyGen-M
2015-01-22 23:51:23.608 Mal/KeyGen-M
2015-01-22 23:51:23.608 Mal/KeyGen-M
2015-01-22 23:51:23.609 Mal/KeyGen-M
 
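The FSS log above does three things that can be re-checked by hand: it verifies the signatures of the binaries behind the networking, firewall, restore, update and Defender services, reads the WinDefend service configuration (start type, ImagePath, ServiceDll), and looks for the Defender "disabled" policy value. The PowerShell below is an added example, not part of this thread and not Farbar's code; it repeats those checks with built-in cmdlets, assumes an elevated PowerShell 2.0 or later session on Vista/7, and uses the file list printed in the FSS "File Check" section.

```powershell
# Added example (not from the thread or from Farbar Service Scanner). Assumes an
# elevated PowerShell 2.0+ session on Vista/7; the paths are the ones FSS lists.

$ServiceBinaries = @(
    'System32\nsisvc.dll', 'System32\drivers\nsiproxy.sys', 'System32\dhcpcsvc.dll',
    'System32\drivers\afd.sys', 'System32\drivers\tdx.sys', 'System32\drivers\tcpip.sys',
    'System32\dnsrslvr.dll', 'System32\mpssvc.dll', 'System32\bfe.dll',
    'System32\drivers\mpsdrv.sys', 'System32\SDRSVC.dll', 'System32\vssvc.exe',
    'System32\wscsvc.dll', 'System32\wbem\WMIsvc.dll', 'System32\wuaueng.dll',
    'System32\qmgr.dll', 'System32\es.dll', 'System32\cryptsvc.dll',
    'System32\ipnathlp.dll', 'System32\iphlpsvc.dll', 'System32\svchost.exe',
    'System32\rpcss.dll'
) | ForEach-Object { Join-Path $env:SystemRoot $_ }
$ServiceBinaries += Join-Path $env:ProgramFiles 'Windows Defender\MpSvc.dll'

function Get-BinarySignatureReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Object PSObject -Property @{ Path = $p; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # The PowerShell versions Vista and 7 ship with only see signatures embedded
        # in the file; most Windows binaries are signed through security catalogs
        # instead, so 'NotSigned' here is inconclusive. 'HashMismatch' (an embedded
        # signature that no longer matches the bytes) is the result that points at
        # a modified file.
        New-Object PSObject -Property @{ Path = $p; Status = $sig.Status; Signer = $signer }
    }
}

function Get-ServiceConfigReport {
    param([string]$Name = 'WinDefend')
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $svc = Get-ItemProperty -Path $key
    # Registry Start values; FSS prints these same names (Demand = Manual).
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
    $dll = $null
    if (Test-Path "$key\Parameters") { $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll }
    New-Object PSObject -Property @{
        Service    = $Name
        StartType  = $startNames[[int]$svc.Start]
        ImagePath  = $svc.ImagePath
        ServiceDll = $dll
        Running    = ((Get-Service -Name $Name).Status -eq 'Running')
    }
}

function Get-DefenderPolicyReport {
    # FSS reads the first key; the second is where Group Policy writes the same value.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    foreach ($k in $keys) {
        $v = $null
        if (Test-Path $k) { $v = (Get-ItemProperty -Path $k).DisableAntiSpyware }
        New-Object PSObject -Property @{ Key = $k; DisableAntiSpyware = $v }
    }
}

Get-BinarySignatureReport -Path $ServiceBinaries |
    Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize Status, Path
Get-ServiceConfigReport -Name 'WinDefend' |
    Format-List Service, Running, StartType, ImagePath, ServiceDll
Get-DefenderPolicyReport | Format-Table -AutoSize Key, DisableAntiSpyware
```

Against the log above this reproduces the two findings FSS reports: WinDefend set to Demand instead of Auto, and DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender. Both are reversible (Set-Service -Name WinDefend -StartupType Automatic, and Remove-ItemProperty on that value), but some third-party security products write the same value when they install, so establish which product owns it before treating it as tampering. For the signature check, compare any HashMismatch or Missing entry against a known-good copy of the file rather than reading anything into NotSigned on these OS versions.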
Oops, I didn't see that reply; I thought I was waiting, so sorry. I'll find the log if I can.
Is there any way you can ask others if they recognize the infection? It certainly seems like a rootkit, but I don't know which one; most have custom fixes.
I do have the external drive that holds the infection. I was thinking of plugging it in and seeing if the virus scanner will see what is happening and put a name on it. I'd probably want a better scanner than Avast. I think I can get a Kaspersky license. Or do you have a suggestion for what the best virus scanner is today?
 
Results of screen317's Security Check version 0.99.95
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Emsisoft Anti-Malware
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.235
Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
Emsisoft Anti-Malware a2guard.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 
We actually didn't find much, mostly some adware. Definitely no rootkit present.
What are the current issues?
 
Current issues are the same as when this started.
1) All the normal column names in Explorer are gone, Author is the only one showing. All of the common ones are unavailable when I try to choose details by right clicking the column header, Filename, Date Created/Created, Size etc...
2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.
3) Explorer shows no filenames or folder names.
4) The "Start Search" feature of the Start Bar returns nothing.
5) In My computer the sizes of the drives and free space are in bytes, not KB or MB.
This all started as soon as I tried to read that infected drive. It's gotta be a rootkit, or something new; we'd have detected it by now if it were a normal malware infection.
I've tried SFC many times. It seems to work, but after rebooting and running SFC again, it seems to have not done anything and says it found more errors. Over and over.
 
As I said in my previous reply....your issues are NOT malware related as we didn't find much.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on the Check button next to "1. See If Check Disk Is Needed".
If the tool says that Check Disk is needed, click on the Do It button next to "2. Check Disk".
In that case make sure you restart the computer.

Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button:

Go to Step 5 and under "System Restore" click on the Create button:

Go to the Repairs tab and click the Open Repairs button.

In the next window....
Leave all checkmarks as they are.
Click on the Start Repairs button.

Post the Windows Repair log, which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
I have run SFC many times; it keeps telling me that it made corrections and to reboot, and when I run it again I get the same result. I've looked at the CBS.log, but it's pretty cryptic. I see one set of entries that worries me: ru-RU is Russian, and I don't have any language packs loaded that I know of. SecPol.msc is one of the files that I can't open, and why would it be the Russian version at all? I went to system32 and ran it; it has English in the first two column headers, but odd characters in the 3rd and 4th.
The following entry happens every time I run SFC; it is always the 80th POQ and 161 POQ, the last entry before it stops.
Now that I've looked at the log more closely, it appears that none of the repairs are actually happening; it just keeps repeating the same repairs every time I run it. It claims success, but apparently it's not really doing anything. Just shoot me.
************************************************
2015-01-17 17:30:17, Info CSI 000001b5 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
Found: {l:32 b:fzZDVNgjX7rPS4CwuGu1yMKTxJcxgF6SVquMolcKxCw=} Expected: {l:32 b:2ColJ4zcTsIcODHfw4i0OhMQxgZrWJWL7dn2SeJ+CTM=}
2015-01-17 17:30:17, Info CSI 000001b6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
2015-01-17 17:30:17, Info CSI 000001b7 WARNING: File [l:20{10}]"secpol.msc" in [l:58{29}]"\??\C:\Windows\System32\ru-RU" switching ownership
Old: Microsoft-Windows-SecurityConfigurationManagement-PolicyTools-Ex.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
New: Microsoft-Windows-SecurityConfigurationManagement-PolicyTools.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
********************************************************
 
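An added illustration, not from this thread or from the SFC/Windows Repair tools, of how to confirm what the CBS.log excerpt above suggests: SFC "repairing" the same file on every run means the fix is not sticking. The script parses the two CBS record formats quoted in the post and lists files repaired under more than one run timestamp; the second run's date, its CSI sequence numbers and the file sample.msc are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed CBS.log excerpt. The two 2015-01-17 records are the lines quoted
# in the post above; the 2015-01-18 records are made up to stand in for a
# second SFC run, and "sample.msc" is a made-up file repaired only once.
SAMPLE_CBS_LOG = r'''
2015-01-17 17:30:17, Info CSI 000001b5 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
2015-01-17 17:30:17, Info CSI 000001b6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
2015-01-18 09:12:44, Info CSI 000002c1 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
2015-01-18 09:12:44, Info CSI 000002c2 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
2015-01-18 09:12:45, Info CSI 000002c3 [SR] Repairing corrupted file [ml:520{260},l:52{26}]"\??\C:\Windows\System32\en-US"\[l:20{10}]"sample.msc" from store
'''

# CBS prefixes every record with "<timestamp>, Info CSI <hex sequence>".
_PREFIX = r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), Info\s+CSI\s+[0-9a-f]+ '
MISMATCH_RE = re.compile(_PREFIX + r'Hashes for file member (?P<path>\S+) do not match actual file')
REPAIR_RE = re.compile(_PREFIX + r'\[SR\] Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]*)"'
                       r'\\\[[^\]]*\]"(?P<name>[^"]*)" from store')


def parse_sfc_events(log_text):
    """Return {path: {'mismatches': n, 'runs': sorted repair timestamps}}."""
    events = defaultdict(lambda: {'mismatches': 0, 'runs': set()})
    for line in log_text.splitlines():
        m = MISMATCH_RE.match(line)
        if m:
            events[m.group('path')]['mismatches'] += 1
            continue
        m = REPAIR_RE.match(line)
        if m:  # rebuild the full path the same way the mismatch record spells it
            events[m.group('dir') + '\\' + m.group('name')]['runs'].add(m.group('ts'))
    return {p: {'mismatches': e['mismatches'], 'runs': sorted(e['runs'])} for p, e in events.items()}


def recurring_repairs(log_text, min_runs=2):
    """Files SFC repaired in at least `min_runs` separate runs. Each run stamps its
    own time on the repair record, so the same file under different timestamps
    means the previous 'successful' repair did not survive."""
    return {p: e['runs'] for p, e in parse_sfc_events(log_text).items() if len(e['runs']) >= min_runs}


if __name__ == '__main__':
    for path, runs in recurring_repairs(SAMPLE_CBS_LOG).items():
        print(f'{path}: repaired in {len(runs)} separate runs -> repair is not sticking')
```

On a real system, point it at C:\Windows\Logs\CBS\CBS.log (the file is large, so read it once and pass the text in).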
Those folders are in every Windows installation.
Nothing malicious about them.

Did you finish running all steps?
Same issues after you finished?
 
Current issues are the same as when this started.
1) All the normal column names in Explorer are gone, Author is the only one showing. All of the common ones are unavailable when I try to choose details by right clicking the column header, Filename, Date Created/Created, Size etc...
2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.
3) Explorer shows no filenames or folder names.
4) The "Start Search" feature of the Start Bar returns nothing.
5) In My computer the sizes of the drives and free space are in bytes, not KB or MB.
 
The last step didn't complete correctly, so I wanted to wait. The hashes are wrong on that file and it's not getting repaired; none of the other repairs are happening either, just like when you have a rootkit infection. I'll try the repairs and see what happens.
 
Tweaking.com - Windows Repair v2.10.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista (TM) Ultimate
OS Architecture: 64-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: MASTERSHAKE
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile:
Current Profile SID: S-1-5-21-1027772261-2917165354-2662933974-1000
Current Profile Classes: S-1-5-21-1027772261-2917165354-2662933974-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Shake\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:02:32

Process Count: 23
Commit Total: 563.48 MB
Commit Limit: 10.10 GB
Commit Peak: 587.88 MB
Handle Count: 6354
Kernel Total: 245.28 MB
Kernel Paged: 178.92 MB
Kernel Non Paged: 66.36 MB
System Cache: 605.43 MB
Thread Count: 331
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.99 GB
Memory Used: 730.36 MB(11.9084%)
Memory Avail.: 5.28 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.99 GB
Memory Used: 626.57 MB(10.216%)
Memory Avail.: 5.38 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (1/24/2015 11:46:33 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (1/24/2015 11:46:36 PM)
Running Repair Under Current User Account
Done (1/24/2015 11:46:43 PM)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (1/24/2015 11:46:43 PM)
Running Repair Under System Account
Done (1/24/2015 11:51:16 PM)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (1/24/2015 11:51:16 PM)
Running Repair Under System Account
Done (1/24/2015 11:52:28 PM)

03 - Reset Service Permissions
Start (1/24/2015 11:52:28 PM)
Running Repair Under System Account
Done (1/24/2015 11:52:34 PM)

04 - Register System Files
Start (1/24/2015 11:52:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:53:08 PM)

05 - Repair WMI
Start (1/24/2015 11:53:08 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Emsisoft Anti-Malware Exported.
avast! Antivirus Exported.

Exporting AntiSpyware Info...
Windows Defender Exported.
Emsisoft Anti-Malware Exported.
avast! Antivirus Exported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (1/24/2015 11:58:01 PM)

06 - Repair Windows Firewall
Start (1/24/2015 11:58:01 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:58:28 PM)

07 - Repair Internet Explorer
Start (1/24/2015 11:58:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:58:48 PM)

08 - Repair MDAC/MS Jet
Start (1/24/2015 11:58:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:58:54 PM)

09 - Repair Hosts File
Start (1/24/2015 11:58:54 PM)
Running Repair Under System Account
Done (1/24/2015 11:58:55 PM)

10 - Remove Policies Set By Infections
Start (1/24/2015 11:58:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:59:04 PM)

11 - Repair Start Menu Icons Removed By Infections
Start (1/24/2015 11:59:04 PM)
Running Repair Under System Account
Done (1/24/2015 11:59:05 PM)

12 - Repair Icons
Start (1/24/2015 11:59:05 PM)
Running Repair Under Current User Account
Done (1/24/2015 11:59:07 PM)

13 - Repair Winsock & DNS Cache
Start (1/24/2015 11:59:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:59:17 PM)

15 - Repair Proxy Settings
Start (1/24/2015 11:59:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/24/2015 11:59:19 PM)

17 - Repair Windows Updates
Start (1/24/2015 11:59:19 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (1/24/2015 11:59:48 PM)

18 - Repair CD/DVD Missing/Not Working
Start (1/24/2015 11:59:48 PM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (1/24/2015 11:59:48 PM)

19 - Repair Volume Shadow Copy Service
Start (1/24/2015 11:59:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:13 AM)

21 - Repair MSI (Windows Installer)
Start (1/25/2015 12:00:13 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:23 AM)

23.01 - Repair bat Association
Start (1/25/2015 12:00:23 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:25 AM)

23.02 - Repair cmd Association
Start (1/25/2015 12:00:25 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:27 AM)

23.03 - Repair com Association
Start (1/25/2015 12:00:27 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:29 AM)

23.04 - Repair Directory Association
Start (1/25/2015 12:00:29 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:31 AM)

23.05 - Repair Drive Association
Start (1/25/2015 12:00:31 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:33 AM)

23.06 - Repair exe Association
Start (1/25/2015 12:00:33 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:35 AM)

23.07 - Repair Folder Association
Start (1/25/2015 12:00:35 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:37 AM)

23.08 - Repair inf Association
Start (1/25/2015 12:00:37 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:39 AM)

23.09 - Repair lnk (Shortcuts) Association
Start (1/25/2015 12:00:39 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:41 AM)

23.10 - Repair msc Association
Start (1/25/2015 12:00:41 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:43 AM)

23.11 - Repair reg Association
Start (1/25/2015 12:00:43 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:45 AM)

23.12 - Repair scr Association
Start (1/25/2015 12:00:45 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:47 AM)

24 - Repair Windows Safe Mode
Start (1/25/2015 12:00:47 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:49 AM)

25 - Repair Print Spooler
Start (1/25/2015 12:00:49 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:52 AM)

26 - Restore Important Windows Services
Start (1/25/2015 12:00:52 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:00:58 AM)

27 - Set Windows Services To Default Startup
Start (1/25/2015 12:00:58 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:01:05 AM)

31 - Repair Windows 'New' Submenu
Start (1/25/2015 12:01:05 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (1/25/2015 12:01:07 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (1/25/2015 12:01:07 AM)
Total Repair Time: 00:14:35


...YOU MUST RESTART YOUR SYSTEM...
 