TechSpot

Windows 7: profile chagned to temporary profile; system restore 0xc0000022 error -- Malware?

By Daniel Burkus
Mar 23, 2016
  1. Bruni, first of all, thank you for all of your help before.

    However, there seems to still be something wrong with my PC. In addition to the residual matter of the phantom floppy disk player, which I have not yet attended to (I went to Japan at the end of February, and contracted food poisoning the night before I left Korea), something else has continued to happen: from time to time, when I am watching a movie (such as one burned on a CD or on a HD, not streaming), or reading (this usually seems to happen when I am reading the news), I have occasionally noticed a (black) command prompt window appear for a fraction of a second before disappearing. This happens several times a day, but the manifestation is so fast that, other than recognizing what it is, I have no idea what is causing it.

    There has also continued to be an issue with unusually high CPU usage (for example, when nothing is running), though not constantly. (The cooling fan, however, works now, so the PC shutting down when that occurs is no longer an issue.) I read that this high CPU usage can be caused by a corrupt User Profile, and so I decided to change mine -- I created a new profile (yesterday), moved everything there (while backing up all of the files on other hard drives), and so forth, and then deleted the presumably corrupted profile (and the temporary profile that I created since three profiles are needed to perform the transfer of data). After which the PC worked fine, and so I continued my work, saving all of my files (in folders on the desktop) before shutting down for the night.

    This morning my (new) user account appears to have vanished: every time I restarted Windows 7, it continued to open temporary profiles; and naturally I cannot access the files I created yesterday (which still seem to be there -- since the used disk space on the C drive is the same as before):

    - I tried the regedit fixes recommended on line (renaming the user profiles), without effect.

    - I ran scandisk, which indicated that nothing was wrong, and the disc was clean. Still no effect.

    - Then I tried deleting the .bak profile, which still produced no results.

    - After that I tried system restore to a restore point 2 days prior to this issue, and got the 0xc0000022 error ("System Restore did not complete successfully. Your computer's system files and settings were not changed. Details: An unspecified error occurred during System Restore. (0xc0000022).) There are no other system restore points available. When I tried to reverse the system restore, the same error was received. All of my data (other than the work I did yesterday) has been stored on other drives (all of yesterday's work was saved, though the profile with which it is associated is the one I can not find -- I changed my picture, and the new picture is still associated with the profile, but the profile itself is empty: however, I have not deleted any files).

    - I ran Microsoft Fix It and the KB890830 (MSERT) tools, but they indicate the PC is clean and without issues.

    I ran through the series of scans that you suggested before, and most turned up nothing. Combofix deleted two files "prefs.js" and "debug.log" but nothing else.

    As I said way-back-when, I am in South Korea, and this might be the result of some malware that some sort of spy agency has inserted (to repeat, my PC began to have issues following an episode where Tumblr tried to access pages that apparently were banned -- my suspicions were aroused due to the way in which Firefox attempted to open them: usually a notice appears indicating that the page is banned, and then I leave the page; but in this instance Firefox tried to open the page through my dashboard, though I do not know why it did so).

    At any rate, if there is anything you can suggest, I would like to hear from you at your earliest convenience.

    Thank you for your time.

    -- Daniel M. Burkus
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Bruni, my connection to the internet was lost. I have it back now and am running FRST in SafeMode (with networking). Will post the scan as soon as it is done.
     
  4. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
    Ran by Daniel M. Burkus (administrator) on PC (26-03-2016 10:57:01)
    Running from C:\Users\Daniel M. Burkus.PC\Desktop
    Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
    HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-03-26] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-02] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2016-03-26]
    ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-21]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    BootExecute: autocheck autochk * sdnclean.exeaswBoot.exe /A:C: /A:* STARTUP /L:1033 /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:C:\Program

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{64DEE58B-1BB1-4EC3-A5F5-F207663D912E}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02] (AVAST Software)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default
    FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
    FF Extension: CacheViewer - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-03-24]
    FF Extension: Restart Button - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\restartbutton@strk.jp.xpi [2016-03-24]
    FF Extension: CacheViewer2 - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\cacheview2@scriptkitz.ml [2016-03-24]
    FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\artur.dubovoy@gmail.com [2016-03-24]
    FF Extension: AdBlock Ultimate - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-24]
    FF Extension: Click to Play per-element - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-03-26]
    FF Extension: Webmail Ad Blocker - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\gmailnoads@mywebber.com.xpi [2016-03-24]
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-24]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-24]

    Chrome:
    =======
    CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
    CHR Extension: (No Name) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
    CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-24]
    CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
    CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-02] (AVAST Software)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153352 2015-10-20] (Sophos Limited)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-05-14] (Emsisoft GmbH)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-02] (AVAST Software)
    S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-10] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-02] (AVAST Software)
    S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-02] (AVAST Software)
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-10] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-02] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-02] (AVAST Software)
    S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-02] (AVAST Software)
    R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
    S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-05-14] (Emsisoft GmbH)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    S1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
    S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]
     
  5. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-26 10:57 - 2016-03-26 10:57 - 00012962 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
    2016-03-26 10:55 - 2016-03-26 10:55 - 01725440 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\Program Files\NETGEAR
    2016-03-26 10:10 - 2010-02-03 11:20 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
    2016-03-26 10:10 - 2010-02-03 11:20 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\Packet.dll
    2016-03-26 10:10 - 2010-02-03 11:20 - 00053299 _____ C:\Windows\system32\pthreadVC.dll
    2016-03-26 10:10 - 2010-02-03 11:20 - 00050704 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
    2016-03-26 10:10 - 2009-11-06 08:37 - 00699896 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh6.sys
    2016-03-26 10:10 - 2009-11-06 08:31 - 03862528 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 03551232 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 01176312 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
    2016-03-26 10:10 - 2007-01-19 18:20 - 00021728 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
    2016-03-26 09:31 - 2016-03-26 09:31 - 00032259 _____ C:\ComboFix.txt
    2016-03-26 07:46 - 2016-03-26 10:57 - 00000000 ____D C:\FRST
    2016-03-26 07:46 - 2016-03-26 09:43 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCANS
    2016-03-26 07:03 - 2016-03-24 09:12 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160326-070351.backup
    2016-03-25 18:43 - 2016-03-26 07:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-03-25 18:43 - 2016-03-25 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-03-25 17:00 - 2016-03-26 10:21 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\A - Software Shortcuts
    2016-03-25 16:49 - 2016-03-26 09:33 - 00000000 ____D C:\Restore Removed Folders
    2016-03-25 15:39 - 2016-03-25 15:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AVMedia Files
    2016-03-25 14:57 - 2016-03-25 14:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\SUPERAntiSpyware.com
    2016-03-25 09:15 - 2016-03-25 09:15 - 00000078 _____ C:\Users\Daniel M. Burkus.PC\Google Search URLs.txt
    2016-03-25 07:49 - 2016-03-25 07:54 - 00000000 ____D C:\Program Files\Software by Design
    2016-03-25 07:49 - 2016-03-25 07:49 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Software by Design
    2016-03-25 07:49 - 2013-04-09 15:00 - 00086016 ____N (Software Design) C:\Windows\SDUnInst.exe
    2016-03-25 07:33 - 2016-03-21 21:47 - 00001245 _____ C:\Users\Daniel M. Burkus.PC\Desktop\taskmanager.exe.lnk
    2016-03-25 07:33 - 2016-03-14 07:41 - 00001480 _____ C:\Users\Daniel M. Burkus.PC\Desktop\KB LIST.txt.lnk
    2016-03-25 07:33 - 2016-03-13 11:42 - 00000561 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Windows Update.lnk
    2016-03-25 07:33 - 2016-01-30 07:40 - 00001483 _____ C:\Users\Daniel M. Burkus.PC\solitaire.lnk
    2016-03-25 07:33 - 2016-01-30 07:40 - 00001353 _____ C:\Users\Daniel M. Burkus.PC\freecell.lnk
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2), Notes.txt
    2016-03-24 22:25 - 2016-03-25 10:23 - 00007592 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1), Notes.txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4).txt
    2016-03-24 22:23 - 2016-03-25 10:25 - 00000640 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1).txt
    2016-03-24 22:23 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3).txt
    2016-03-24 22:23 - 2016-03-25 09:21 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2).txt
    2016-03-24 21:39 - 2016-03-24 21:40 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\14 - Bon-date no Densho
    2016-03-24 21:37 - 2016-03-24 21:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\13 - Matsue Sotoku-ate no Densho
    2016-03-24 20:56 - 2016-03-24 22:29 - 00000858 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
    2016-03-24 20:40 - 2016-03-24 20:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Blog Documents
    2016-03-24 20:26 - 2016-03-24 20:26 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\WinRAR
    2016-03-24 20:03 - 2016-03-24 20:03 - 00020660 _____ C:\Users\Daniel M. Burkus.PC\'To Santa Claus and Little Sisters' by Anonymous.htm
    2016-03-24 19:46 - 2016-03-24 19:46 - 00931330 _____ C:\Users\Daniel M. Burkus.PC\Desktop\To Kill a Mockingbird (Harper Lee).pdf
    2016-03-24 19:45 - 2016-03-24 19:45 - 00546794 _____ C:\Users\Daniel M. Burkus.PC\Desktop\The Perks of Being a Wallflower (Stephen Chbosky).pdf
    2016-03-24 19:38 - 2016-03-24 19:38 - 00026680 _____ C:\Users\Daniel M. Burkus.PC\River Sumida.bmp
    2016-03-24 19:18 - 2016-03-24 19:18 - 00000913 _____ C:\ProgramData\ReclaiMe.config
    2016-03-24 19:18 - 2016-03-24 19:18 - 00000438 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
    2016-03-24 19:10 - 2016-03-24 19:12 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Foxit Software
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Adobe
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CEF
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
    2016-03-24 16:22 - 2016-03-24 16:22 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\HWP
    2016-03-24 16:17 - 2016-03-24 16:17 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IrfanView
    2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\NVIDIA
    2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
    2016-03-24 13:40 - 2016-03-24 13:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Hnc
    2016-03-24 13:15 - 2016-03-24 18:40 - 00000000 ____D C:\Program Files\Recuva
    2016-03-24 13:15 - 2016-03-24 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2016-03-24 10:32 - 2016-03-24 10:32 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\ElevatedDiagnostics
    2016-03-24 10:24 - 2016-03-24 10:24 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\MACRIUM
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\AVAST Software
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\Adobe
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\NVIDIA
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\Google
    2016-03-24 09:57 - 2016-03-24 10:08 - 00000000 ____D C:\Users\Daniel M. Burkus (n)
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\My Documents
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Videos
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Pictures
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Music
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\VirtualStore
    2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\SUPERAntiSpyware.com
    2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\AVAST Software
    2016-03-24 08:57 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-03-24 08:57 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-03-24 08:57 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
    2016-03-24 08:52 - 2016-03-24 10:06 - 00000000 ____D C:\Scans to Run
    2016-03-24 08:48 - 2016-03-26 09:31 - 00000000 ____D C:\Qoobox
    2016-03-24 08:45 - 2016-03-24 08:45 - 01725440 _____ (Farbar) C:\FRST.exe
    2016-03-24 08:40 - 2016-03-24 08:40 - 05658151 ____R (Swearware) C:\ComboFix.exe
    2016-03-24 08:37 - 2016-03-24 08:37 - 00064568 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Macromedia
    2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Macromedia
    2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla
    2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Mozilla
    2016-03-24 08:00 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Adobe
    2016-03-24 08:00 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NVIDIA
    2016-03-24 08:00 - 2016-03-24 08:00 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
    2016-03-24 07:59 - 2016-03-26 09:31 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
    2016-03-24 07:59 - 2016-03-25 18:48 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\VirtualStore
    2016-03-24 07:59 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Google
    2016-03-24 07:59 - 2016-03-24 07:59 - 00001413 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 07:59 - 2016-03-24 07:59 - 00000020 ___SH C:\Users\Daniel M. Burkus.PC\ntuser.ini
    2016-03-24 07:59 - 2016-03-24 07:59 - 00000000 _SHDL C:\Users\Daniel M. Burkus.PC\My Documents
    2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Macromedia
    2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Macromedia
    2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Mozilla
    2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Mozilla
    2016-03-24 07:46 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\NVIDIA
    2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\AVAST Software
    2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Adobe
    2016-03-24 07:45 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.001\Virtual Machines
    2016-03-24 07:45 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Google
    2016-03-24 07:45 - 2016-03-24 07:47 - 00002201 _____ C:\Users\TEMP.PC.001\Desktop\Google Chrome.lnk
    2016-03-24 07:45 - 2016-03-24 07:45 - 00001413 _____ C:\Users\TEMP.PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 07:44 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.001
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000020 ___SH C:\Users\TEMP.PC.001\ntuser.ini
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\My Documents
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Videos
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Pictures
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Music
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\VirtualStore
    2016-03-24 07:43 - 2016-03-24 07:43 - 00003528 ____N C:\bootsqm.dat
    2016-03-24 06:46 - 2016-03-24 06:46 - 00064568 _____ C:\Users\TEMP.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 06:40 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.000\Virtual Machines
    2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\NVIDIA
    2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\Google
    2016-03-24 06:40 - 2016-03-24 06:42 - 00002201 _____ C:\Users\TEMP.PC.000\Desktop\Google Chrome.lnk
    2016-03-24 06:40 - 2016-03-24 06:40 - 00001413 _____ C:\Users\TEMP.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\AVAST Software
    2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\Adobe
    2016-03-24 06:39 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.000
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000020 ___SH C:\Users\TEMP.PC.000\ntuser.ini
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\My Documents
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Videos
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Pictures
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Music
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\VirtualStore
    2016-03-24 06:28 - 2016-03-24 06:28 - 00064568 _____ C:\Users\TEMP.PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\AVAST Software
    2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\Adobe
    2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC\Virtual Machines
    2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC
     
  6. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    ___D C:\Users\TEMP.PC\AppData\Local\NVIDIA
    2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\Google
    2016-03-24 06:27 - 2016-03-24 06:29 - 00002201 _____ C:\Users\TEMP.PC\Desktop\Google Chrome.lnk
    2016-03-24 06:27 - 2016-03-24 06:27 - 00001413 _____ C:\Users\TEMP.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000020 ___SH C:\Users\TEMP.PC\ntuser.ini
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\My Documents
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Videos
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Pictures
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Music
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\VirtualStore
    2016-03-23 21:17 - 2016-03-23 21:17 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-03-23 21:17 - 2016-03-23 21:17 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-23 16:09 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-03-23 15:47 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
    2016-03-23 15:46 - 2016-03-23 22:31 - 00000000 ____D C:\Users\TEMP
    2016-03-23 15:46 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
    2016-03-20 06:01 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2016-03-20 06:01 - 2016-03-20 06:01 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
    2016-03-20 06:00 - 2016-03-20 06:00 - 00000000 ____D C:\Program Files\Foxit Software
    2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
    2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord
    2016-03-17 08:50 - 2016-03-17 09:06 - 00000000 ____D C:\FreeOCR
    2016-03-17 08:50 - 2016-03-17 08:50 - 00000000 ____D C:\Program Files\AbleWord
    2016-03-17 08:50 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx
    2016-03-13 16:00 - 2016-02-12 03:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-03-13 16:00 - 2016-02-12 03:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-03-13 16:00 - 2016-02-12 03:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-03-13 16:00 - 2016-02-12 03:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-03-13 16:00 - 2016-02-12 03:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-03-13 16:00 - 2016-02-12 03:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-03-13 16:00 - 2016-02-12 03:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-03-13 16:00 - 2016-02-12 03:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-03-13 16:00 - 2016-02-12 03:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-03-13 16:00 - 2016-02-12 03:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-03-13 16:00 - 2016-02-12 03:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-03-13 16:00 - 2016-02-12 03:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-03-13 16:00 - 2016-02-12 02:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-03-13 16:00 - 2016-02-12 02:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-03-13 16:00 - 2016-02-12 02:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-03-13 16:00 - 2016-02-12 02:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-03-13 16:00 - 2016-02-12 02:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-03-13 16:00 - 2016-02-12 02:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-03-13 16:00 - 2016-02-12 02:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-03-13 16:00 - 2016-02-12 02:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-03-13 16:00 - 2016-02-12 02:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-03-13 15:59 - 2016-02-05 02:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-03-13 15:58 - 2016-02-06 03:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-03-13 15:58 - 2016-02-06 03:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-03-13 15:58 - 2016-02-06 03:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-03-13 15:58 - 2016-02-06 02:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-03-13 15:58 - 2016-02-06 02:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-03-13 15:58 - 2016-02-05 03:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-03-13 15:58 - 2016-02-04 03:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-03-13 15:58 - 2016-02-04 03:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
    2016-03-13 15:58 - 2016-02-04 03:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-03-13 15:58 - 2016-02-04 02:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-03-13 12:27 - 2016-03-13 12:27 - 00000000 ____D C:\Windows\CheckSur
    2016-03-13 09:48 - 2016-03-11 07:45 - 00006262 _____ C:\Windows\system32\Drivers\etc\hosts.20160313-094841.backup
    2016-03-11 08:30 - 2016-03-26 06:30 - 00000000 ____D C:\Program Files\Google
    2016-03-11 07:46 - 2016-03-11 07:46 - 00000000 ___HD C:\$windows.~bt
    2016-03-11 07:42 - 2016-03-11 07:42 - 00000000 ____D C:\Program Files\AEGIS-Voat
    2016-03-11 07:31 - 2016-03-11 07:31 - 00000000 ____D C:\2d3f5ed3ad81cf6d8f1e358b68f9
    2016-03-10 21:46 - 2016-03-26 09:02 - 00000000 ____D C:\Program Files\AdwCleaner
    2016-03-10 21:10 - 2016-02-09 18:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-03-09 06:03 - 2016-03-17 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Adobe
    2016-03-02 07:31 - 2016-03-02 07:30 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-03-02 07:30 - 2016-03-02 07:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-03-01 22:38 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct MIDI to MP3 Converter
    2016-03-01 22:38 - 2016-03-01 22:38 - 00000000 ____D C:\Program Files\Direct MIDI to MP3 Converter

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-26 10:52 - 2016-02-13 21:56 - 01127562 _____ C:\Windows\ntbtlog.txt
    2016-03-26 10:48 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-03-26 10:48 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-26 10:19 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-26 10:19 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-26 10:16 - 2016-01-29 02:16 - 00429336 _____ C:\Windows\system32\perfh012.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00417690 _____ C:\Windows\system32\perfh011.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00401934 _____ C:\Windows\system32\prfh0404.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00384862 _____ C:\Windows\system32\prfh0804.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00122062 _____ C:\Windows\system32\perfc011.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00120346 _____ C:\Windows\system32\perfc012.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00119554 _____ C:\Windows\system32\prfc0804.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00115052 _____ C:\Windows\system32\prfc0404.dat
    2016-03-26 10:16 - 2016-01-29 01:16 - 02850866 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
    2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
    2016-03-26 10:04 - 2016-02-19 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-26 09:25 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
    2016-03-26 09:22 - 2016-02-19 14:55 - 00000000 ____D C:\Windows\erdnt
    2016-03-26 08:26 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-03-26 07:53 - 2016-01-29 16:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-26 06:29 - 2016-01-29 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-26 06:29 - 2016-01-29 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-03-25 07:56 - 2009-07-14 11:04 - 00000442 _____ C:\Windows\win.ini
    2016-03-24 18:03 - 2016-01-29 05:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-03-24 18:03 - 2016-01-29 05:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-03-24 10:31 - 2016-01-29 01:39 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-03-24 10:08 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Daniel Burkus
    2016-03-24 10:07 - 2016-02-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2016-03-24 10:07 - 2016-02-18 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADS Scanner 2
    2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-03-24 10:07 - 2016-02-06 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-03-24 10:07 - 2016-01-30 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
    2016-03-24 10:07 - 2016-01-30 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    2016-03-24 10:07 - 2016-01-30 08:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
    2016-03-24 10:07 - 2016-01-30 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
    2016-03-24 10:07 - 2016-01-30 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-03-24 10:07 - 2016-01-30 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    2016-03-24 10:07 - 2016-01-29 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-03-24 10:07 - 2016-01-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2016-03-24 10:07 - 2016-01-29 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
    2016-03-24 10:07 - 2016-01-29 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
    2016-03-24 10:07 - 2016-01-29 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
    2016-03-24 10:07 - 2016-01-29 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
    2016-03-24 10:07 - 2016-01-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
    2016-03-24 10:07 - 2016-01-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-03-24 10:07 - 2016-01-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-03-24 10:07 - 2016-01-29 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
    2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
    2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\Adobe
    2016-03-24 10:07 - 2016-01-29 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-03-24 10:07 - 2009-07-14 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-03-24 10:06 - 2016-01-29 16:29 - 00000000 ____D C:\Program Files\AVAST Software
    2016-03-24 10:06 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-24 10:06 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
    2016-03-24 09:38 - 2016-01-29 02:52 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Local\NVIDIA
    2016-03-24 09:16 - 2016-01-30 09:26 - 00000000 ____D C:\Users\Daniel M. Burkus
    2016-03-23 22:31 - 2016-01-29 20:10 - 00000000 ____D C:\Users\TEMP\Desktop\WORK
    2016-03-23 22:30 - 2016-01-29 16:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
    2016-03-23 22:30 - 2016-01-29 04:56 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
    2016-03-22 14:45 - 2016-02-21 08:57 - 00000979 _____ C:\DelFix.txt
    2016-03-21 06:49 - 2016-01-29 16:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-03-20 05:56 - 2016-02-12 06:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-03-19 13:48 - 2016-01-29 05:05 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
    2016-03-18 15:40 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
    2016-03-15 09:38 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\rescache
    2016-03-14 16:02 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Defender
    2016-03-13 22:51 - 2016-01-29 01:39 - 00000000 ____D C:\Windows\system32\MRT
    2016-03-13 20:20 - 2009-07-14 13:33 - 00309064 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-11 08:52 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-03-11 08:11 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\DVD Maker
    2016-03-11 08:11 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\tracing
    2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ____D C:\Windows\system32\appraiser
    2016-03-10 14:09 - 2016-01-29 16:20 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-10 14:08 - 2016-01-29 16:20 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-10 14:08 - 2016-01-29 16:20 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-10 06:53 - 2016-01-29 16:31 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-03-10 06:53 - 2016-01-29 16:31 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU(32).TXT
    2016-03-09 06:38 - 2016-01-29 16:01 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-03-09 06:02 - 2016-01-30 08:05 - 00000000 ____D C:\ProgramData\Adobe
    2016-03-02 08:28 - 2016-01-29 21:31 - 00000000 ____D C:\Program Files\WinRAR
    2016-03-02 07:32 - 2016-01-29 16:31 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-03-02 07:32 - 2016-01-29 16:31 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-03-02 07:31 - 2016-01-29 16:31 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-03-01 16:56 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160306-120250.backup
    2016-02-29 18:11 - 2016-01-29 21:02 - 00000000 ____D C:\Program Files\Audacity
    2016-02-29 18:08 - 2016-01-29 21:02 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2016-02-29 09:06 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-165623.backup

    ==================== Files in the root of some directories =======

    2016-03-24 19:18 - 2016-03-24 19:18 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
    2016-03-24 19:18 - 2016-03-24 19:18 - 0000913 _____ () C:\ProgramData\ReclaiMe.config

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll
    [2016-01-31 08:35] - [2009-07-14 10:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-19 12:03

    ==================== End of FRST.txt ============================
     
  7. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    ADDITION


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Daniel M. Burkus (2016-03-26 10:58:04)
    Running from C:\Users\Daniel M. Burkus.PC\Desktop
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
    Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
    Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
    ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
    Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
    FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
    GOM Player (HKLM\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
    Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
    K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
    MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
    Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
    Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
    TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {24EAC4BE-B459-44E4-9847-02174A676EA0} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
    Task: {2E7584C7-0090-4DE2-AAE4-03D7F7D4A87D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-02] (AVAST Software)
    Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
    Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
    Task: {B9B5EEE0-7447-4EC2-A8EB-FC19790E5369} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
    Task: {C8C7DDD9-1767-446A-AE61-65105B310ABB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
    Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7882 more sites.

    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

    There are 7880 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 11:04 - 2016-03-26 09:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{763C9D5E-ECFE-4D3A-AF81-CC4EBB84CF83}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{B8C3A556-31F9-4237-BA72-805C9C7E79A6}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{E7E15744-6AA7-40EA-87BE-E5FD2DC12D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{CCBC611D-95BA-48BA-AC62-BC052843BA17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    22-03-2016 14:44:42 End of disinfection
    24-03-2016 09:30:16 Restore Operation
    26-03-2016 07:32:02 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 07:33:55 Device Driver Package Install: NETGEAR Inc. Network Protocol
    26-03-2016 09:05:32 JRT Pre-Junkware Removal
    26-03-2016 10:06:08 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 10:10:12 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 10:11:04 Device Driver Package Install: NETGEAR Inc. Network Protocol

    ==================== Faulty Device Manager Devices =============

    Name: avast! Revert
    Description: avast! Revert
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswRvrt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: avast! VM Monitor
    Description: avast! VM Monitor
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: aswVmm
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard floppy disk controller
    Description: Standard floppy disk controller
    Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard floppy disk controllers)
    Service: fdc
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/26/2016 10:52:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 10:52:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 10:48:26 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 10:48:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 10:20:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 10:20:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 10:06:07 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {fce634df-d2be-4922-80d0-d09090128ed2}

    Error: (03/26/2016 10:04:31 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 10:04:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 09:44:46 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: services.exe, version: 6.1.7601.18829, time stamp: 0x552b22e1
    Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd4d2
    Exception code: 0xc0000005
    Fault offset: 0x00030388
    Faulting process id: 0x244
    Faulting application start time: 0xservices.exe0
    Faulting application path: services.exe1
    Faulting module path: services.exe2
    Report Id: services.exe3


    System errors:
    =============
    Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
    Percentage of memory in use: 26%
    Total physical RAM: 3071.3 MB
    Available physical RAM: 2254.5 MB
    Total Virtual: 6140.93 MB
    Available Virtual: 5380 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:199.92 GB) NTFS
    Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:66.61 GB) NTFS
    Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:67.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Any particular reason for Safe Mode?

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Malwarebytes:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/26/2016
    Scan Time: 11:55 AM
    Logfile: Malwarebytes Scan.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.03.25.04
    Rootkit Database: v2016.03.12.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Daniel M. Burkus

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 569511
    Time Elapsed: 20 min, 56 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    AdwareCleaner:


    # AdwCleaner v5.105 - Logfile created 26/03/2016 at 13:07:37
    # Updated 21/03/2016 by Xplode
    # Database : 2016-03-20.7 [Local]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x86)
    # Username : Daniel M. Burkus - PC
    # Running from : C:\Users\Daniel M. Burkus.PC\Desktop\adwcleaner_5.105.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [847 bytes] - [26/03/2016 13:07:37]
    C:\AdwCleaner\AdwCleaner[S1].txt - [902 bytes] - [26/03/2016 12:54:35]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [991 bytes] ##########
     
  11. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    JunkwareRemovalTool


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 7 Ultimate x86
    Ran by Daniel M. Burkus (Administrator) on Sat 03/26/2016 at 13:10:52.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 16

    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43OFRK3P (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DOYFYQ3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADB3U0CI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW7SEP82 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JK9K8AE1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCV1VR2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5R5PHRE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5I8LIUT (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43OFRK3P (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DOYFYQ3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADB3U0CI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW7SEP82 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JK9K8AE1 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCV1VR2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5R5PHRE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5I8LIUT (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 03/26/2016 at 13:15:23.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Earlier this morning I ran most of these scans. There were things on the RogueKiller scan (in addition to 5 or 6 pups that I did not take note of) that did not appear on the later scans:

    SSDT:Inl (Hook.SSDT) (Path) 99, ZwDeleteAtom
    (Data) win32k.sys, C:\Windows\System32\win32k.sys @
    0xffffffff9e0f7f46

    SSDT:Inl (Hook.SSDT) (Path) 129, ZwFlushWriteBuffer
    (Data) halmacpi.dll, C:\Windows \System32\halmacpi.dll @ 0xffffffff82c15468

    (Unfortunately I did not notice how to save the log -- as I explained, my eyesight is not good, and I can only see things that I am looking at directly. Buttons on the bottom of windows are not in my field of vision unless I look for them.)

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    The first RogueKiller scan:


    RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Daniel M. Burkus [Administrator]
    Started from : C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller.exe
    Mode : Scan -- Date : 03/26/2016 11:25:03

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] aich2zne.default : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
    --- User ---
    [MBR] b1a2fd097a23ca69b6b12abaa342e59f
    [BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
    --- User ---
    [MBR] 049945051fe77a2a7945126d5255a9c2
    [BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
    --- User ---
    [MBR] d151fc54efa59ff995497b97b7e64c5e
    [BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  13. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    The second RogueKiller scan:

    RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Daniel M. Burkus [Administrator]
    Started from : C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 03/26/2016 11:53:51

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
    [SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff9e1a7f46 (call dword [0x82d3dd14])
    [SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff83039468 (call dword [0x82c140b4])

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] aich2zne.default : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
    --- User ---
    [MBR] b1a2fd097a23ca69b6b12abaa342e59f
    [BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
    --- User ---
    [MBR] 049945051fe77a2a7945126d5255a9c2
    [BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
    --- User ---
    [MBR] d151fc54efa59ff995497b97b7e64c5e
    [BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK



    Sorry for the mix-up -- I think I forgot to attach these scans earlier.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  15. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    ComboFix 16-03-19.01 - Daniel M. Burkus 03/26/2016 21:10:04.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2001 [GMT 9:00]
    Running from: c:\my documents\A - Software Shortcuts\Malware Scanning Tools\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-02-26 to 2016-03-26 )))))))))))))))))))))))))))))))
    .
    .
    2016-03-26 12:23 . 2016-03-26 12:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\offreg.3064.dll
    2016-03-26 12:21 . 2016-03-26 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-03-26 08:13 . 2016-03-26 08:15 -------- d-----w- C:\My Documents
    2016-03-26 03:54 . 2016-03-26 04:07 -------- d-----w- C:\AdwCleaner
    2016-03-26 01:10 . 2009-11-05 23:37 699896 ----a-w- c:\windows\system32\drivers\bcmwlhigh6.sys
    2016-03-26 01:10 . 2009-11-05 23:31 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2016-03-26 01:10 . 2009-11-05 23:31 3862528 ----a-w- c:\windows\system32\bcmihvsrv.dll
    2016-03-26 01:10 . 2009-11-05 23:31 3551232 ----a-w- c:\windows\system32\bcmihvui.dll
    2016-03-26 01:10 . 2009-11-05 23:31 1176312 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2016-03-26 01:10 . 2007-01-19 09:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
    2016-03-26 01:10 . 2016-03-26 01:10 -------- d-----w- c:\program files\NETGEAR
    2016-03-26 01:10 . 2010-02-03 02:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
    2016-03-26 01:10 . 2016-03-26 01:10 -------- d--h--w- c:\program files\InstallShield Installation Information
    2016-03-26 00:23 . 2016-03-26 00:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\offreg.3088.dll
    2016-03-25 22:46 . 2016-03-26 02:00 -------- d-----w- C:\FRST
    2016-03-25 09:43 . 2016-03-26 10:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2016-03-25 07:49 . 2016-03-26 00:33 -------- d-----w- C:\Restore Removed Folders
    2016-03-24 22:49 . 2016-03-24 22:54 -------- d-----w- c:\program files\Software by Design
    2016-03-24 22:49 . 2013-04-09 06:00 86016 ------w- c:\windows\SDUnInst.exe
    2016-03-24 04:15 . 2016-03-24 09:40 -------- d-----w- c:\program files\Recuva
    2016-03-24 00:57 . 2016-03-24 01:08 -------- d-----w- c:\users\Daniel M. Burkus (n)
    2016-03-23 23:52 . 2016-03-24 01:06 -------- d-----w- C:\Scans to Run
    2016-03-23 22:59 . 2016-03-26 12:05 -------- d-----w- c:\users\Daniel M. Burkus.PC
    2016-03-23 12:17 . 2016-03-23 12:17 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2016-03-23 07:09 . 2016-03-24 01:06 -------- d-----w- c:\users\Public\Foxit Software
    2016-03-23 06:46 . 2016-03-23 13:31 -------- d-----w- c:\users\TEMP
    2016-03-22 00:16 . 2016-02-19 01:31 9067696 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\mpengine.dll
    2016-03-19 21:01 . 2016-03-19 21:01 -------- d-----w- c:\programdata\Foxit ContentPlatform
    2016-03-19 21:00 . 2016-03-19 21:00 -------- d-----w- c:\program files\Foxit Software
    2016-03-16 23:50 . 2016-03-16 23:50 -------- d-----w- c:\program files\AbleWord
    2016-03-16 23:50 . 2007-03-10 01:11 2680320 ----a-w- c:\windows\system32\ImageEnXLibrary.ocx
    2016-03-16 23:50 . 2016-03-17 00:06 -------- d-----w- C:\FreeOCR
    2016-03-13 13:46 . 2016-03-13 13:47 54887136 ----a-w- c:\program files\Windows Defender\Windows-KB890830-V5.34.exe
    2016-03-13 06:59 . 2016-02-04 17:46 2387456 ----a-w- c:\windows\system32\win32k.sys
    2016-03-13 06:58 . 2016-02-04 18:41 296448 ----a-w- c:\windows\system32\mfds.dll
    2016-03-13 06:58 . 2016-02-03 18:49 90624 ----a-w- c:\windows\system32\olepro32.dll
    2016-03-13 06:58 . 2016-02-03 18:49 572416 ----a-w- c:\windows\system32\oleaut32.dll
    2016-03-13 06:58 . 2016-02-03 18:43 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2016-03-13 06:58 . 2016-02-05 18:44 26112 ----a-w- c:\windows\system32\lpk.dll
    2016-03-13 06:58 . 2016-02-05 18:44 70656 ----a-w- c:\windows\system32\fontsub.dll
    2016-03-13 06:58 . 2016-02-05 18:42 10240 ----a-w- c:\windows\system32\dciman32.dll
    2016-03-13 06:58 . 2016-02-05 17:43 299520 ----a-w- c:\windows\system32\atmfd.dll
    2016-03-13 06:58 . 2016-02-05 17:43 34304 ----a-w- c:\windows\system32\atmlib.dll
    2016-03-13 03:27 . 2016-03-13 03:27 -------- d-----w- c:\windows\CheckSur
    2016-03-10 23:30 . 2016-03-25 21:30 -------- d-----w- c:\program files\Google
    2016-03-10 22:46 . 2016-03-10 22:46 -------- d--h--w- C:\$windows.~bt
    2016-03-10 22:42 . 2016-03-10 22:42 -------- d-----w- c:\program files\AEGIS-Voat
    2016-03-10 22:31 . 2016-03-10 22:31 -------- d-----w- C:\2d3f5ed3ad81cf6d8f1e358b68f9
    2016-03-10 12:46 . 2016-03-26 00:02 -------- d-----w- c:\program files\AdwCleaner
    2016-03-10 12:10 . 2016-02-09 09:50 21504 ----a-w- c:\windows\system32\seclogon.dll
    2016-03-08 21:03 . 2016-03-08 21:03 -------- d-----w- c:\program files\Common Files\Adobe
    2016-03-01 22:31 . 2016-03-01 22:30 334280 ----a-w- c:\windows\system32\aswBoot.exe
    2016-03-01 22:30 . 2016-03-01 22:30 52184 ----a-w- c:\windows\avastSS.scr
    2016-03-01 13:38 . 2016-03-01 13:38 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-03-26 02:55 . 2016-01-29 07:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-03-26 02:39 . 2016-02-15 05:58 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-03-24 09:03 . 2016-01-28 20:02 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2016-03-24 09:03 . 2016-01-28 20:02 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2016-03-10 05:09 . 2016-01-29 07:20 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-03-10 05:08 . 2016-01-29 07:20 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-03-10 05:08 . 2016-01-29 07:20 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-03-09 21:53 . 2016-01-29 07:31 816304 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2016-03-09 21:53 . 2016-01-29 07:31 91168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2016-03-01 22:32 . 2016-01-29 07:31 447848 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2016-03-01 22:32 . 2016-01-29 07:31 221240 ----a-w- c:\windows\system32\drivers\aswvmm.sys
    2016-03-01 22:31 . 2016-01-29 07:31 127432 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2016-03-01 22:30 . 2016-01-29 07:31 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2016-03-01 22:30 . 2016-01-29 07:31 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2016-03-01 22:30 . 2016-01-29 07:31 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2016-02-14 03:58 . 2016-02-19 21:20 134928 ----a-w- c:\windows\system32\drivers\SIVX32.sys
    2016-02-02 12:45 . 2016-02-02 12:45 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
    2016-01-30 17:42 . 2016-01-30 17:42 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2016-01-30 17:42 . 2016-01-30 17:42 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
    2016-01-30 17:42 . 2016-01-30 17:42 220160 ----a-w- c:\windows\system32\d3d10core.dll
    2016-01-30 17:42 . 2016-01-30 17:42 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2016-01-30 17:42 . 2016-01-30 17:42 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2016-01-30 17:42 . 2016-01-30 17:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
    2016-01-30 17:42 . 2016-01-30 17:42 1080832 ----a-w- c:\windows\system32\d3d10.dll
    2016-01-30 17:42 . 2016-01-30 17:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2016-01-30 17:42 . 2016-01-30 17:42 604160 ----a-w- c:\windows\system32\d3d10level9.dll
    2016-01-30 17:42 . 2016-01-30 17:42 293376 ----a-w- c:\windows\system32\dxgi.dll
    2016-01-30 17:42 . 2016-01-30 17:42 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2016-01-29 13:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2016-01-22 07:56 . 2016-01-29 10:14 89008 ----a-w- c:\windows\system32\cpwmon2k.dll
    2016-01-22 06:06 . 2016-02-09 23:11 169984 ----a-w- c:\windows\system32\winsrv.dll
    2016-01-22 06:04 . 2016-02-09 23:11 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2016-01-22 06:04 . 2016-02-09 23:11 535040 ----a-w- c:\windows\system32\EncDec.dll
    2016-01-22 06:02 . 2016-02-09 23:11 114176 ----a-w- c:\windows\system32\mtxoci.dll
    2016-01-22 06:02 . 2016-02-09 23:11 176128 ----a-w- c:\windows\system32\msorcl32.dll
    2016-01-22 06:02 . 2016-02-09 23:11 293888 ----a-w- c:\windows\system32\KernelBase.dll
    2016-01-22 05:59 . 2016-02-09 23:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-01-22 05:01 . 2016-02-09 23:11 271360 ----a-w- c:\windows\system32\conhost.exe
    2016-01-22 04:51 . 2016-02-09 23:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-01-22 04:51 . 2016-02-09 23:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-01-22 04:51 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-01-22 04:51 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-01-16 18:36 . 2016-02-09 23:10 1413632 ----a-w- c:\windows\system32\ole32.dll
    2016-01-07 17:35 . 2016-02-09 23:10 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2016-01-06 18:41 . 2016-02-09 23:10 216064 ----a-w- c:\windows\system32\InkEd.dll
    2016-01-06 17:56 . 2016-02-09 23:10 19968 ----a-w- c:\windows\system32\jnwmon.dll
    2016-01-06 17:56 . 2016-02-09 23:10 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
    2014-03-07 01:03 3109520 --sha-r- c:\windows\System32\avcodec-lav-55.dll
    2014-03-07 01:03 98960 --sha-r- c:\windows\System32\avfilter-lav-4.dll
    2014-03-07 01:03 550032 --sha-r- c:\windows\System32\avformat-lav-55.dll
    2009-09-27 00:39 415744 --sh--w- c:\windows\System32\avisynth.dll
    2014-03-07 01:03 59536 --sha-r- c:\windows\System32\avresample-lav-1.dll
    2005-07-14 03:31 32256 --sh--w- c:\windows\System32\AVSredirect.dll
    2014-03-07 01:03 181392 --sha-r- c:\windows\System32\avutil-lav-52.dll
    2004-02-22 01:11 764416 --sh--w- c:\windows\System32\devil.dll
    2014-03-07 01:03 122512 --sha-r- c:\windows\System32\HLaudio.dll
    2014-03-07 01:03 203408 --sha-r- c:\windows\System32\HLsplit.dll
    2014-03-07 01:03 313520 --sha-r- c:\windows\System32\HLvideo.dll
    2004-01-24 15:00 70656 --sh--w- c:\windows\System32\i420vfw.dll
    2014-03-07 01:03 166544 --sha-r- c:\windows\System32\IntelQuickSyncDecoder.dll
    2014-03-07 01:03 109712 --sha-r- c:\windows\System32\libbluray.dll
    2011-02-11 00:26 112128 --sha-r- c:\windows\System32\OptimFROG.dll
    2014-03-07 01:03 118416 --sha-r- c:\windows\System32\swscale-lav-2.dll
    2010-01-06 14:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
    2012-10-05 09:54 188416 --sha-r- c:\windows\System32\winDCE32.dll
    2004-01-24 15:00 70656 --sh--w- c:\windows\System32\yv12vfw.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2016-03-01 22:30 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-03-25 6825888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-23 7139256]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-01-29 280576]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2016-3-26 4577760]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2016-2-2 605400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
    "4.27.253.253,255.255.255.255,0.0.0.0,1"=""
    "8.12.223.254,255.255.255.255,0.0.0.0,1"=""
    "8.26.206.252,255.255.255.255,0.0.0.0,1"=""
    "8.26.207.126,255.255.255.255,0.0.0.0,1"=""
    "8.26.209.126,255.255.255.255,0.0.0.0,1"=""
    "8.26.210.126,255.255.255.255,0.0.0.0,1"=""
    "8.254.56.254,255.255.255.255,0.0.0.0,1"=""
    "8.254.58.254,255.255.255.255,0.0.0.0,1"=""
    "8.254.233.126,255.255.255.255,0.0.0.0,1"=""
    "8.254.240.126,255.255.255.255,0.0.0.0,1"=""
    "8.254.248.254,255.255.255.255,0.0.0.0,1"=""
    "23.15.21.165,255.255.255.255,0.0.0.0,1"=""
    "23.47.87.76,255.255.255.255,0.0.0.0,1"=""
    "23.52.88.70,255.255.255.255,0.0.0.0,1"=""
    "23.96.212.225,255.255.255.255,0.0.0.0,1"=""
    "23.98.49.14,255.255.255.255,0.0.0.0,1"=""
    "23.103.189.125,255.255.255.255,0.0.0.0,1"=""
    "23.211.123.156,255.255.255.255,0.0.0.0,1"=""
    "31.13.73.2,255.255.255.255,0.0.0.0,1"=""
    "40.117.230.39,255.255.255.255,0.0.0.0,1"=""
    "54.243.53.207,255.255.255.255,0.0.0.0,1"=""
    "54.243.135.126,255.255.255.255,0.0.0.0,1"=""
    "63.241.108.111,255.255.255.255,0.0.0.0,1"=""
    "63.241.108.124,255.255.255.255,0.0.0.0,1"=""
    "64.4.6.100,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.32,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.116,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.165,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.167,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.253,255.255.255.255,0.0.0.0,1"=""
    "64.4.54.254,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.7,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.9,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.11,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.91,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.92,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.93,255.255.255.255,0.0.0.0,1"=""
    "65.52.100.94,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.2,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.3,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.11,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.27,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.29,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.33,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.52,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.56,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.59,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.90,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.92,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.153,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.154,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.251,255.255.255.255,0.0.0.0,1"=""
    "65.52.108.254,255.255.255.255,0.0.0.0,1"=""
    "65.54.192.248,255.255.255.255,0.0.0.0,1"=""
    "65.54.226.187,255.255.255.255,0.0.0.0,1"=""
    "65.55.2.2,255.255.255.255,0.0.0.0,1"=""
    "65.55.29.238,255.255.255.255,0.0.0.0,1"=""
    "65.55.39.10,255.255.255.255,0.0.0.0,1"=""
    "65.55.44.82,255.255.255.255,0.0.0.0,1"=""
    "65.55.44.108,255.255.255.255,0.0.0.0,1"=""
    "65.55.44.109,255.255.255.255,0.0.0.0,1"=""
    "65.55.52.23,255.255.255.255,0.0.0.0,1"=""
    "65.55.108.23,255.255.255.255,0.0.0.0,1"=""
    "65.55.113.11,255.255.255.255,0.0.0.0,1"=""
    "65.55.113.12,255.255.255.255,0.0.0.0,1"=""
    "65.55.113.13,255.255.255.255,0.0.0.0,1"=""
    "65.55.128.80,255.255.255.255,0.0.0.0,1"=""
    "65.55.128.81,255.255.255.255,0.0.0.0,1"=""
    "65.55.149.120,255.255.255.255,0.0.0.0,1"=""
    "65.55.163.222,255.255.255.255,0.0.0.0,1"=""
    "65.55.227.188,255.255.255.255,0.0.0.0,1"=""
    "65.55.252.43,255.255.255.255,0.0.0.0,1"=""
    "65.55.252.63,255.255.255.255,0.0.0.0,1"=""
    "65.55.252.71,255.255.255.255,0.0.0.0,1"=""
    "65.55.252.93,255.255.255.255,0.0.0.0,1"=""
    "65.55.252.190,255.255.255.255,0.0.0.0,1"=""
    "66.119.144.158,255.255.255.255,0.0.0.0,1"=""
    "66.119.152.204,255.255.255.255,0.0.0.0,1"=""
    "66.235.138.193,255.255.255.255,0.0.0.0,1"=""
    "66.235.138.194,255.255.255.255,0.0.0.0,1"=""
    "66.235.138.195,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.17,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.18,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.19,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.205,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.206,255.255.255.255,0.0.0.0,1"=""
    "66.235.139.207,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.1,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.4,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.5,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.6,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.7,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.8,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.91,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.94,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.97,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.103,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.110,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.120,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.131,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.132,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.167,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.172,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.173,255.255.255.255,0.0.0.0,1"=""
    "68.67.152.174,255.255.255.255,0.0.0.0,1"=""
    "68.67.153.37,255.255.255.255,0.0.0.0,1"=""
    "68.67.153.40,255.255.255.255,0.0.0.0,1"=""
    "68.67.153.44,255.255.255.255,0.0.0.0,1"=""
    "68.67.153.87,255.255.255.255,0.0.0.0,1"=""
    "68.67.153.89,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.42,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.43,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.44,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.47,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.48,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.50,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.51,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.52,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.128,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.129,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.145,255.255.255.255,0.0.0.0,1"=""
    "68.67.176.146,255.255.255.255,0.0.0.0,1"=""
    "74.125.21.148,255.255.255.255,0.0.0.0,1"=""
    "74.125.21.149,255.255.255.255,0.0.0.0,1"=""
    "93.184.215.200,255.255.255.255,0.0.0.0,1"=""
    "94.245.121.176,255.255.255.255,0.0.0.0,1"=""
    "94.245.121.177,255.255.255.255,0.0.0.0,1"=""
    "94.245.121.178,255.255.255.255,0.0.0.0,1"=""
    "94.245.121.179,255.255.255.255,0.0.0.0,1"=""
    "94.245.121.253,255.255.255.255,0.0.0.0,1"=""
    "96.16.144.23,255.255.255.255,0.0.0.0,1"=""
    "96.16.151.81,255.255.255.255,0.0.0.0,1"=""
    "96.17.68.131,255.255.255.255,0.0.0.0,1"=""
    "96.17.70.242,255.255.255.255,0.0.0.0,1"=""
    "104.43.203.255,255.255.255.255,0.0.0.0,1"=""
    "104.45.136.42,255.255.255.255,0.0.0.0,1"=""
    "104.70.208.236,255.255.255.255,0.0.0.0,1"=""
    "104.70.215.152,255.255.255.255,0.0.0.0,1"=""
    "104.90.75.122,255.255.255.255,0.0.0.0,1"=""
    "104.90.89.185,255.255.255.255,0.0.0.0,1"=""
    "104.90.92.235,255.255.255.255,0.0.0.0,1"=""
    "104.93.174.145,255.255.255.255,0.0.0.0,1"=""
    "104.93.176.29,255.255.255.255,0.0.0.0,1"=""
    "104.93.196.53,255.255.255.255,0.0.0.0,1"=""
    "104.107.39.56,255.255.255.255,0.0.0.0,1"=""
    "107.20.234.199,255.255.255.255,0.0.0.0,1"=""
    "107.21.246.114,255.255.255.255,0.0.0.0,1"=""
    "111.221.29.253,255.255.255.255,0.0.0.0,1"=""
    "111.221.29.254,255.255.255.255,0.0.0.0,1"=""
    "131.107.113.238,255.255.255.255,0.0.0.0,1"=""
    "131.107.255.255,255.255.255.255,0.0.0.0,1"=""
    "131.253.14.76,255.255.255.255,0.0.0.0,1"=""
    "131.253.14.194,255.255.255.255,0.0.0.0,1"=""
    "131.253.34.230,255.255.255.255,0.0.0.0,1"=""
    "131.253.40.44,255.255.255.255,0.0.0.0,1"=""
    "131.253.40.47,255.255.255.255,0.0.0.0,1"=""
    "131.253.40.53,255.255.255.255,0.0.0.0,1"=""
    "131.253.40.109,255.255.255.255,0.0.0.0,1"=""
    "134.170.30.221,255.255.255.255,0.0.0.0,1"=""
    "134.170.52.151,255.255.255.255,0.0.0.0,1"=""
    "134.170.58.190,255.255.255.255,0.0.0.0,1"=""
    "134.170.107.176,255.255.255.255,0.0.0.0,1"=""
    "134.170.108.72,255.255.255.255,0.0.0.0,1"=""
    "134.170.115.60,255.255.255.255,0.0.0.0,1"=""
    "134.170.119.140,255.255.255.255,0.0.0.0,1"=""
    "134.170.184.133,255.255.255.255,0.0.0.0,1"=""
    "134.170.185.126,255.255.255.255,0.0.0.0,1"=""
    "134.170.188.248,255.255.255.255,0.0.0.0,1"=""
    "137.117.100.176,255.255.255.255,0.0.0.0,1"=""
    "157.55.129.21,255.255.255.255,0.0.0.0,1"=""
    "157.56.23.91,255.255.255.255,0.0.0.0,1"=""
    "157.56.57.5,255.255.255.255,0.0.0.0,1"=""
    "157.56.96.58,255.255.255.255,0.0.0.0,1"=""
    "157.56.96.80,255.255.255.255,0.0.0.0,1"=""
    "157.56.96.123,255.255.255.255,0.0.0.0,1"=""
    "157.56.96.208,255.255.255.255,0.0.0.0,1"=""
    "157.56.100.83,255.255.255.255,0.0.0.0,1"=""
    "168.62.11.145,255.255.255.255,0.0.0.0,1"=""
    "168.62.21.207,255.255.255.255,0.0.0.0,1"=""
    "168.62.187.13,255.255.255.255,0.0.0.0,1"=""
    "172.232.221.65,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.139,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.144,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.145,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.146,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.168,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.177,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.192,255.255.255.255,0.0.0.0,1"=""
    "173.205.24.193,255.255.255.255,0.0.0.0,1"=""
    "173.205.27.211,255.255.255.255,0.0.0.0,1"=""
    "173.205.27.227,255.255.255.255,0.0.0.0,1"=""
    "184.26.143.177,255.255.255.255,0.0.0.0,1"=""
    "184.26.143.194,255.255.255.255,0.0.0.0,1"=""
    "184.84.136.165,255.255.255.255,0.0.0.0,1"=""
    "184.84.139.153,255.255.255.255,0.0.0.0,1"=""
    "184.84.141.92,255.255.255.255,0.0.0.0,1"=""
    "184.84.141.139,255.255.255.255,0.0.0.0,1"=""
    "184.84.170.70,255.255.255.255,0.0.0.0,1"=""
    "184.84.170.239,255.255.255.255,0.0.0.0,1"=""
    "191.232.80.60,255.255.255.255,0.0.0.0,1"=""
    "191.232.139.210,255.255.255.255,0.0.0.0,1"=""
    "191.232.139.253,255.255.255.255,0.0.0.0,1"=""
    "191.232.140.76,255.255.255.255,0.0.0.0,1"=""
    "191.234.72.190,255.255.255.255,0.0.0.0,1"=""
    "191.236.16.12,255.255.255.255,0.0.0.0,1"=""
    "191.238.241.80,255.255.255.255,0.0.0.0,1"=""
    "192.243.250.72,255.255.255.255,0.0.0.0,1"=""
    "192.243.250.88,255.255.255.255,0.0.0.0,1"=""
    "198.78.206.253,255.255.255.255,0.0.0.0,1"=""
    "207.46.7.252,255.255.255.255,0.0.0.0,1"=""
    "207.46.11.152,255.255.255.255,0.0.0.0,1"=""
    "207.46.202.114,255.255.255.255,0.0.0.0,1"=""
    "207.46.223.94,255.255.255.255,0.0.0.0,1"=""
    "207.68.166.254,255.255.255.255,0.0.0.0,1"=""
    "216.38.160.128,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.10,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.17,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.19,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.25,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.27,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.32,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.33,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.35,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.41,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.49,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.51,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.59,255.255.255.255,0.0.0.0,1"=""
    "216.156.199.65,255.255.255.255,0.0.0.0,1"=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
    @="Service"
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-03-01 127432]
    R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2016-02-02 16024]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
    R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2016-02-14 134928]
    R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2015-10-20 153352]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-03-23 35096]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-03-09 816304]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-03-01 447848]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-03-01 32792]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-03-09 91168]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2016-02-02 1570520]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2016-02-02 837848]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-03 409800]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-05 699896]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    utcsvc REG_MULTI_SZ DiagTrack
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2015-12-18 15:42 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-28 09:03]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-CleanHlp
    SafeBoot-CleanHlp.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1928)
    c:\program files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\conhost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2016-03-26 21:31:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2016-03-26 12:31
    ComboFix2.txt 2016-03-26 00:31
    ComboFix3.txt 2016-03-24 00:16
    .
    Pre-Run: 213,846,253,568 bytes free
    Post-Run: 213,563,183,104 bytes free
    .
    - - End Of File - - A19352750B28A5A7F2EF608C58EA42FC
    A36C5E4F47E84449FF07ED3517B43A31
     
  16. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  17. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
    Ran by Daniel M. Burkus (administrator) on PC (27-03-2016 14:17:51)
    Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
    Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Program Files\Unlocker\UnlockerAssistant.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
    HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-03-26] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-02] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2016-03-26]
    ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-21]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{64DEE58B-1BB1-4EC3-A5F5-F207663D912E}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02] (AVAST Software)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default
    FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
    FF Extension: CacheViewer - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-03-24]
    FF Extension: Restart Button - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\restartbutton@strk.jp.xpi [2016-03-24]
    FF Extension: CacheViewer2 - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\cacheview2@scriptkitz.ml [2016-03-24]
    FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\artur.dubovoy@gmail.com [2016-03-24]
    FF Extension: AdBlock Ultimate - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-24]
    FF Extension: Click to Play per-element - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-03-26]
    FF Extension: Webmail Ad Blocker - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\gmailnoads@mywebber.com.xpi [2016-03-24]
    FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-24]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-24]

    Chrome:
    =======
    CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
    CHR Extension: (No Name) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
    CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-24]
    CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
    CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-02] (AVAST Software)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153352 2015-10-20] (Sophos Limited)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    S2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-02] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-10] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-02] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-02] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-02] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-02] (AVAST Software)
    R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
    S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
    R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
    R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
    R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
    R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-26 21:31 - 2016-03-26 21:31 - 00033063 _____ C:\ComboFix.txt
    2016-03-26 19:27 - 2016-03-26 19:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
    2016-03-26 17:13 - 2016-03-26 17:15 - 00000000 ____D C:\My Documents
    2016-03-26 17:13 - 2016-03-26 17:13 - 00000723 _____ C:\Users\Daniel M. Burkus.PC\Desktop\My Documents - Shortcut.lnk
    2016-03-26 15:13 - 2016-03-26 21:35 - 00007392 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Elmar's letter..txt
    2016-03-26 12:54 - 2016-03-26 13:07 - 00000000 ____D C:\AdwCleaner
    2016-03-26 11:06 - 2016-03-27 11:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\New Scans
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
    2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\Program Files\NETGEAR
    2016-03-26 10:10 - 2010-02-03 11:20 - 00050704 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
    2016-03-26 10:10 - 2009-11-06 08:37 - 00699896 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh6.sys
    2016-03-26 10:10 - 2009-11-06 08:31 - 03862528 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 03551232 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 01176312 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
    2016-03-26 10:10 - 2009-11-06 08:31 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
    2016-03-26 10:10 - 2007-01-19 18:20 - 00021728 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
    2016-03-26 07:46 - 2016-03-27 14:17 - 00000000 ____D C:\FRST
    2016-03-26 07:46 - 2016-03-26 12:52 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCANS
    2016-03-26 07:03 - 2016-03-24 09:12 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160326-070351.backup
    2016-03-25 18:43 - 2016-03-26 19:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-03-25 18:43 - 2016-03-25 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2016-03-25 16:49 - 2016-03-26 09:33 - 00000000 ____D C:\Restore Removed Folders
    2016-03-25 15:39 - 2016-03-25 15:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AVMedia Files
    2016-03-25 14:57 - 2016-03-25 14:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\SUPERAntiSpyware.com
    2016-03-25 07:49 - 2016-03-25 07:54 - 00000000 ____D C:\Program Files\Software by Design
    2016-03-25 07:49 - 2016-03-25 07:49 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Software by Design
    2016-03-25 07:49 - 2013-04-09 15:00 - 00086016 ____N (Software Design) C:\Windows\SDUnInst.exe
    2016-03-25 07:33 - 2016-03-21 21:47 - 00001245 _____ C:\Users\Daniel M. Burkus.PC\Desktop\taskmanager.exe.lnk
    2016-03-25 07:33 - 2016-03-14 07:41 - 00001480 _____ C:\Users\Daniel M. Burkus.PC\Desktop\KB LIST.txt.lnk
    2016-03-25 07:33 - 2016-03-13 11:42 - 00000561 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Windows Update.lnk
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3), Notes.txt
    2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2), Notes.txt
    2016-03-24 22:25 - 2016-03-25 10:23 - 00007592 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1), Notes.txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5).txt
    2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4).txt
    2016-03-24 22:23 - 2016-03-25 10:25 - 00000640 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1).txt
    2016-03-24 22:23 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3).txt
    2016-03-24 22:23 - 2016-03-25 09:21 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2).txt
    2016-03-24 21:39 - 2016-03-24 21:40 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\14 - Bon-date no Densho
    2016-03-24 21:37 - 2016-03-24 21:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\13 - Matsue Sotoku-ate no Densho
    2016-03-24 20:56 - 2016-03-24 22:29 - 00000858 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
    2016-03-24 20:40 - 2016-03-24 20:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Blog Documents
    2016-03-24 20:26 - 2016-03-24 20:26 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\WinRAR
    2016-03-24 19:46 - 2016-03-24 19:46 - 00931330 _____ C:\Users\Daniel M. Burkus.PC\Desktop\To Kill a Mockingbird (Harper Lee).pdf
    2016-03-24 19:45 - 2016-03-24 19:45 - 00546794 _____ C:\Users\Daniel M. Burkus.PC\Desktop\The Perks of Being a Wallflower (Stephen Chbosky).pdf
    2016-03-24 19:18 - 2016-03-24 19:18 - 00000913 _____ C:\ProgramData\ReclaiMe.config
    2016-03-24 19:18 - 2016-03-24 19:18 - 00000438 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
    2016-03-24 19:10 - 2016-03-24 19:12 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Foxit Software
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Adobe
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CEF
    2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
    2016-03-24 16:22 - 2016-03-24 16:22 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\HWP
    2016-03-24 16:17 - 2016-03-24 16:17 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IrfanView
    2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\NVIDIA
    2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
    2016-03-24 13:40 - 2016-03-24 13:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Hnc
    2016-03-24 13:15 - 2016-03-24 18:40 - 00000000 ____D C:\Program Files\Recuva
    2016-03-24 13:15 - 2016-03-24 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2016-03-24 10:32 - 2016-03-24 10:32 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\ElevatedDiagnostics
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\AVAST Software
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\Adobe
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\NVIDIA
    2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\Google
    2016-03-24 09:57 - 2016-03-24 10:08 - 00000000 ____D C:\Users\Daniel M. Burkus (n)
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\My Documents
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Videos
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Pictures
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Music
    2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\VirtualStore
    2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\SUPERAntiSpyware.com
    2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\AVAST Software
    2016-03-24 08:57 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-03-24 08:57 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-03-24 08:57 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
    2016-03-24 08:57 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
    2016-03-24 08:52 - 2016-03-24 10:06 - 00000000 ____D C:\Scans to Run
    2016-03-24 08:48 - 2016-03-26 21:31 - 00000000 ____D C:\Qoobox
    2016-03-24 08:45 - 2016-03-24 08:45 - 01725440 _____ (Farbar) C:\FRST.exe
    2016-03-24 08:40 - 2016-03-24 08:40 - 05658151 ____R (Swearware) C:\ComboFix.exe
    2016-03-24 08:37 - 2016-03-24 08:37 - 00064568 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Macromedia
    2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Macromedia
    2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla
    2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Mozilla
    2016-03-24 08:00 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Adobe
    2016-03-24 08:00 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NVIDIA
    2016-03-24 08:00 - 2016-03-24 08:00 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
    2016-03-24 07:59 - 2016-03-26 21:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
    2016-03-24 07:59 - 2016-03-25 18:48 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\VirtualStore
    2016-03-24 07:59 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Google
    2016-03-24 07:59 - 2016-03-24 07:59 - 00001413 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 07:59 - 2016-03-24 07:59 - 00000020 ___SH C:\Users\Daniel M. Burkus.PC\ntuser.ini
    2016-03-24 07:59 - 2016-03-24 07:59 - 00000000 _SHDL C:\Users\Daniel M. Burkus.PC\My Documents
    2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Macromedia
    2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Macromedia
    2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Mozilla
    2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Mozilla
    2016-03-24 07:46 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\NVIDIA
    2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\AVAST Software
    2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Adobe
    2016-03-24 07:45 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.001\Virtual Machines
    2016-03-24 07:45 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Google
    2016-03-24 07:45 - 2016-03-24 07:47 - 00002201 _____ C:\Users\TEMP.PC.001\Desktop\Google Chrome.lnk
    2016-03-24 07:45 - 2016-03-24 07:45 - 00001413 _____ C:\Users\TEMP.PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 07:44 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.001
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000020 ___SH C:\Users\TEMP.PC.001\ntuser.ini
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\My Documents
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Videos
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Pictures
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Music
    2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\VirtualStore
    2016-03-24 07:43 - 2016-03-24 07:43 - 00003528 ____N C:\bootsqm.dat
    2016-03-24 06:46 - 2016-03-24 06:46 - 00064568 _____ C:\Users\TEMP.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 06:40 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.000\Virtual Machines
    2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\NVIDIA
    2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\Google
    2016-03-24 06:40 - 2016-03-24 06:42 - 00002201 _____ C:\Users\TEMP.PC.000\Desktop\Google Chrome.lnk
    2016-03-24 06:40 - 2016-03-24 06:40 - 00001413 _____ C:\Users\TEMP.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\AVAST Software
    2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\Adobe
    2016-03-24 06:39 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.000
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000020 ___SH C:\Users\TEMP.PC.000\ntuser.ini
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\My Documents
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Videos
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Pictures
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Music
    2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\VirtualStore
    2016-03-24 06:28 - 2016-03-24 06:28 - 00064568 _____ C:\Users\TEMP.PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\AVAST Software
    2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\Adobe
    2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC\Virtual Machines
    2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC
    2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\NVIDIA
    2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\Google
    2016-03-24 06:27 - 2016-03-24 06:29 - 00002201 _____ C:\Users\TEMP.PC\Desktop\Google Chrome.lnk
    2016-03-24 06:27 - 2016-03-24 06:27 - 00001413 _____ C:\Users\TEMP.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000020 ___SH C:\Users\TEMP.PC\ntuser.ini
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\My Documents
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Videos
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Pictures
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Music
    2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\VirtualStore
    2016-03-23 21:17 - 2016-03-23 21:17 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-03-23 21:17 - 2016-03-23 21:17 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-23 16:09 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-03-23 15:47 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
    2016-03-23 15:46 - 2016-03-23 22:31 - 00000000 ____D C:\Users\TEMP
    2016-03-23 15:46 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
    2016-03-20 06:01 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2016-03-20 06:01 - 2016-03-20 06:01 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
    2016-03-20 06:00 - 2016-03-20 06:00 - 00000000 ____D C:\Program Files\Foxit Software
    2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
    2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord
    2016-03-17 08:50 - 2016-03-17 09:06 - 00000000 ____D C:\FreeOCR
    2016-03-17 08:50 - 2016-03-17 08:50 - 00000000 ____D C:\Program Files\AbleWord
    2016-03-17 08:50 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx
    2016-03-13 16:00 - 2016-02-12 03:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-03-13 16:00 - 2016-02-12 03:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-03-13 16:00 - 2016-02-12 03:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-03-13 16:00 - 2016-02-12 03:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-03-13 16:00 - 2016-02-12 03:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-03-13 16:00 - 2016-02-12 03:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-03-13 16:00 - 2016-02-12 03:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-03-13 16:00 - 2016-02-12 03:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-03-13 16:00 - 2016-02-12 03:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-03-13 16:00 - 2016-02-12 03:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-03-13 16:00 - 2016-02-12 03:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-03-13 16:00 - 2016-02-12 03:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-03-13 16:00 - 2016-02-12 03:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-03-13 16:00 - 2016-02-12 03:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-03-13 16:00 - 2016-02-12 03:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-03-13 16:00 - 2016-02-12 02:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-03-13 16:00 - 2016-02-12 02:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-03-13 16:00 - 2016-02-12 02:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-03-13 16:00 - 2016-02-12 02:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-03-13 16:00 - 2016-02-12 02:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-03-13 16:00 - 2016-02-12 02:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-03-13 16:00 - 2016-02-12 02:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-03-13 16:00 - 2016-02-12 02:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-03-13 16:00 - 2016-02-12 02:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-03-13 15:59 - 2016-02-05 02:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-03-13 15:58 - 2016-02-06 03:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-03-13 15:58 - 2016-02-06 03:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-03-13 15:58 - 2016-02-06 03:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-03-13 15:58 - 2016-02-06 02:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-03-13 15:58 - 2016-02-06 02:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-03-13 15:58 - 2016-02-05 03:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-03-13 15:58 - 2016-02-04 03:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-03-13 15:58 - 2016-02-04 03:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
    2016-03-13 15:58 - 2016-02-04 03:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-03-13 15:58 - 2016-02-04 02:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-03-13 12:27 - 2016-03-13 12:27 - 00000000 ____D C:\Windows\CheckSur
    2016-03-13 09:48 - 2016-03-11 07:45 - 00006262 _____ C:\Windows\system32\Drivers\etc\hosts.20160313-094841.backup
    2016-03-11 08:30 - 2016-03-26 06:30 - 00000000 ____D C:\Program Files\Google
    2016-03-11 07:46 - 2016-03-11 07:46 - 00000000 ___HD C:\$windows.~bt
    2016-03-11 07:42 - 2016-03-11 07:42 - 00000000 ____D C:\Program Files\AEGIS-Voat
    2016-03-11 07:31 - 2016-03-11 07:31 - 00000000 ____D C:\2d3f5ed3ad81cf6d8f1e358b68f9
    2016-03-10 21:46 - 2016-03-26 09:02 - 00000000 ____D C:\Program Files\AdwCleaner
    2016-03-10 21:10 - 2016-02-09 18:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-03-09 06:03 - 2016-03-17 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Adobe
    2016-03-02 07:31 - 2016-03-02 07:30 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-03-02 07:30 - 2016-03-02 07:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-03-01 22:38 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct MIDI to MP3 Converter
    2016-03-01 22:38 - 2016-03-01 22:38 - 00000000 ____D C:\Program Files\Direct MIDI to MP3 Converter

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-27 14:13 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-03-27 14:13 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-27 12:00 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-27 12:00 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-27 11:03 - 2016-02-19 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-26 21:25 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
    2016-03-26 21:21 - 2016-02-19 14:55 - 00000000 ____D C:\Windows\erdnt
    2016-03-26 20:11 - 2016-02-17 17:11 - 00000000 ____D C:\EEK
    2016-03-26 11:55 - 2016-01-29 16:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-26 11:39 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-03-26 11:10 - 2016-02-13 21:56 - 01127632 _____ C:\Windows\ntbtlog.txt
    2016-03-26 10:16 - 2016-01-29 02:16 - 00429336 _____ C:\Windows\system32\perfh012.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00417690 _____ C:\Windows\system32\perfh011.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00401934 _____ C:\Windows\system32\prfh0404.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00384862 _____ C:\Windows\system32\prfh0804.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00122062 _____ C:\Windows\system32\perfc011.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00120346 _____ C:\Windows\system32\perfc012.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00119554 _____ C:\Windows\system32\prfc0804.dat
    2016-03-26 10:16 - 2016-01-29 02:16 - 00115052 _____ C:\Windows\system32\prfc0404.dat
    2016-03-26 10:16 - 2016-01-29 01:16 - 02850866 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
    2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
    2016-03-26 06:29 - 2016-01-29 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-26 06:29 - 2016-01-29 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-03-25 07:56 - 2009-07-14 11:04 - 00000442 _____ C:\Windows\win.ini
    2016-03-24 18:03 - 2016-01-29 05:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-03-24 18:03 - 2016-01-29 05:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-03-24 10:31 - 2016-01-29 01:39 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-03-24 10:08 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Daniel Burkus
    2016-03-24 10:07 - 2016-02-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2016-03-24 10:07 - 2016-02-18 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADS Scanner 2
    2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-03-24 10:07 - 2016-02-06 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-03-24 10:07 - 2016-01-30 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
    2016-03-24 10:07 - 2016-01-30 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    2016-03-24 10:07 - 2016-01-30 08:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
    2016-03-24 10:07 - 2016-01-30 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
    2016-03-24 10:07 - 2016-01-30 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-03-24 10:07 - 2016-01-30 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
    2016-03-24 10:07 - 2016-01-29 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-03-24 10:07 - 2016-01-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2016-03-24 10:07 - 2016-01-29 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
    2016-03-24 10:07 - 2016-01-29 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
    2016-03-24 10:07 - 2016-01-29 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
    2016-03-24 10:07 - 2016-01-29 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
    2016-03-24 10:07 - 2016-01-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
    2016-03-24 10:07 - 2016-01-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-03-24 10:07 - 2016-01-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-03-24 10:07 - 2016-01-29 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
    2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
    2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\Adobe
    2016-03-24 10:07 - 2016-01-29 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-03-24 10:07 - 2009-07-14 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-03-24 10:06 - 2016-01-29 16:29 - 00000000 ____D C:\Program Files\AVAST Software
    2016-03-24 10:06 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-24 10:06 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
    2016-03-24 09:38 - 2016-01-29 02:52 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Local\NVIDIA
    2016-03-24 09:16 - 2016-01-30 09:26 - 00000000 ____D C:\Users\Daniel M. Burkus
    2016-03-23 22:31 - 2016-01-29 20:10 - 00000000 ____D C:\Users\TEMP\Desktop\WORK
    2016-03-23 22:30 - 2016-01-29 16:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
    2016-03-23 22:30 - 2016-01-29 04:56 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
    2016-03-22 14:45 - 2016-02-21 08:57 - 00000979 _____ C:\DelFix.txt
    2016-03-21 06:49 - 2016-01-29 16:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-03-20 05:56 - 2016-02-12 06:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-03-19 13:48 - 2016-01-29 05:05 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
    2016-03-18 15:40 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
    2016-03-15 09:38 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\rescache
    2016-03-14 16:02 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Defender
    2016-03-13 22:51 - 2016-01-29 01:39 - 00000000 ____D C:\Windows\system32\MRT
    2016-03-13 20:20 - 2009-07-14 13:33 - 00309064 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-11 08:52 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-03-11 08:11 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\DVD Maker
    2016-03-11 08:11 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\tracing
    2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ____D C:\Windows\system32\appraiser
    2016-03-10 14:09 - 2016-01-29 16:20 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-10 14:08 - 2016-01-29 16:20 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-10 14:08 - 2016-01-29 16:20 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-10 06:53 - 2016-01-29 16:31 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-03-10 06:53 - 2016-01-29 16:31 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU(32).TXT
    2016-03-09 06:38 - 2016-01-29 16:01 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-03-09 06:02 - 2016-01-30 08:05 - 00000000 ____D C:\ProgramData\Adobe
    2016-03-02 08:28 - 2016-01-29 21:31 - 00000000 ____D C:\Program Files\WinRAR
    2016-03-02 07:32 - 2016-01-29 16:31 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-03-02 07:32 - 2016-01-29 16:31 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-03-02 07:31 - 2016-01-29 16:31 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-03-02 07:30 - 2016-01-29 16:31 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-03-01 16:56 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160306-120250.backup
    2016-02-29 18:11 - 2016-01-29 21:02 - 00000000 ____D C:\Program Files\Audacity
    2016-02-29 18:08 - 2016-01-29 21:02 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2016-02-29 09:06 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-165623.backup

    ==================== Files in the root of some directories =======

    2016-03-24 19:18 - 2016-03-24 19:18 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
    2016-03-24 19:18 - 2016-03-24 19:18 - 0000913 _____ () C:\ProgramData\ReclaiMe.config

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll
    [2016-01-31 08:35] - [2009-07-14 10:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-19 12:03

    ==================== End of FRST.txt ============================
     
  18. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    ADDITION:


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Daniel M. Burkus (2016-03-27 14:18:52)
    Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
    Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
    Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
    ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
    Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
    FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
    GOM Player (HKLM\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
    Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
    K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
    MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
    NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
    Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
    Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
    Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
    TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {24EAC4BE-B459-44E4-9847-02174A676EA0} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
    Task: {2E7584C7-0090-4DE2-AAE4-03D7F7D4A87D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-02] (AVAST Software)
    Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
    Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
    Task: {B9B5EEE0-7447-4EC2-A8EB-FC19790E5369} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
    Task: {C8C7DDD9-1767-446A-AE61-65105B310ABB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
    Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-01-29 01:50 - 2015-02-04 11:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2016-03-02 07:30 - 2016-03-02 07:30 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-03-02 07:30 - 2016-03-02 07:30 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-27 06:52 - 2016-03-27 06:52 - 02843136 _____ () C:\Program Files\AVAST Software\Avast\defs\16032600\algo.dll
    2016-03-02 07:30 - 2016-03-02 07:30 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-01-29 19:14 - 2016-01-22 16:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
    2016-01-30 07:47 - 2010-07-05 06:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
    2016-01-29 16:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-01-29 16:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2016-01-29 16:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-01-29 16:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2016-01-29 16:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-01-29 16:30 - 2016-01-29 16:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-01-30 07:47 - 2010-07-05 04:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
    2016-03-26 10:10 - 2010-08-27 09:32 - 04577760 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    2016-03-26 10:10 - 2010-07-08 11:24 - 00258048 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7882 more sites.

    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

    There are 7880 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 11:04 - 2016-03-26 21:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{763C9D5E-ECFE-4D3A-AF81-CC4EBB84CF83}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{B8C3A556-31F9-4237-BA72-805C9C7E79A6}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{E7E15744-6AA7-40EA-87BE-E5FD2DC12D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{CCBC611D-95BA-48BA-AC62-BC052843BA17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
    FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
    FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    22-03-2016 14:44:42 End of disinfection
    24-03-2016 09:30:16 Restore Operation
    26-03-2016 07:32:02 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 07:33:55 Device Driver Package Install: NETGEAR Inc. Network Protocol
    26-03-2016 09:05:32 JRT Pre-Junkware Removal
    26-03-2016 10:06:08 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 10:10:12 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    26-03-2016 10:11:04 Device Driver Package Install: NETGEAR Inc. Network Protocol
    26-03-2016 13:10:58 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Standard floppy disk controller
    Description: Standard floppy disk controller
    Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard floppy disk controllers)
    Service: fdc
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/27/2016 02:13:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/27/2016 02:13:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/27/2016 11:18:09 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (03/27/2016 06:44:09 AM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/27/2016 06:44:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 09:24:19 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 09:24:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 09:03:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.

    Error: (03/26/2016 09:03:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    0x800401F9

    Error: (03/26/2016 09:01:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
    Description: Windows license activation failed. Error 0x00000000.


    System errors:
    =============
    Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:32 PM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (03/27/2016 02:16:32 PM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (03/27/2016 02:16:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
    %%-2140993535

    Error: (03/27/2016 02:16:22 PM) (Source: PNRPSvc) (EventID: 102) (User: )
    Description: 0x80630801

    Error: (03/27/2016 12:00:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Peer Name Resolution Protocol service terminated with the following error:
    %%-2140993535


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
    Percentage of memory in use: 42%
    Total physical RAM: 3071.3 MB
    Available physical RAM: 1758.09 MB
    Total Virtual: 6140.93 MB
    Available Virtual: 4681.13 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.79 GB) (Free:198.89 GB) NTFS
    Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:66.61 GB) NTFS
    Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:67.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
    Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Those are clean.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    I have no more bandwidth left for this month. Will post these scan results on Friday.

    -- Daniel M. Burkus
     
  21. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    OK...
     
  22. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Secunia PSI (3.0.0.11005)
    CCleaner
    Adobe Flash Player 21.0.0.197
    Mozilla Firefox (45.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Sophos Sophos Virus Removal Tool SVRTgui.exe
    Sophos Sophos Virus Removal Tool SVRTservice.exe
    A - Software Shortcuts Malware Scanning Tools SecurityCheck.exe
    A - Software Shortcuts Malware Scanning Tools FarbarServiceScanner.exe
    A - Software Shortcuts Malware Scanning Tools TempFileCleaner.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  23. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    Farbar Service Scanner Version: 27-01-2016
    Ran by Daniel M. Burkus (administrator) on 28-03-2016 at 18:26:34
    Running from "C:\My Documents\A - Software Shortcuts\Malware Scanning Tools"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  24. Daniel Burkus

    Daniel Burkus TS Enthusiast Topic Starter Posts: 66

    The Sophos Scan was without issue.

    -- Daniel M. Burkus
     
  25. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...