Inactive Windows 7: profile chagned to temporary profile; system restore 0xc0000022 error -- Malware?

Daniel Burkus · Mar 23, 2016

Bruni, first of all, thank you for all of your help before.

However, there seems to still be something wrong with my PC. In addition to the residual matter of the phantom floppy disk player, which I have not yet attended to (I went to Japan at the end of February, and contracted food poisoning the night before I left Korea), something else has continued to happen: from time to time, when I am watching a movie (such as one burned on a CD or on a HD, not streaming), or reading (this usually seems to happen when I am reading the news), I have occasionally noticed a (black) command prompt window appear for a fraction of a second before disappearing. This happens several times a day, but the manifestation is so fast that, other than recognizing what it is, I have no idea what is causing it.

There has also continued to be an issue with unusually high CPU usage (for example, when nothing is running), though not constantly. (The cooling fan, however, works now, so the PC shutting down when that occurs is no longer an issue.) I read that this high CPU usage can be caused by a corrupt User Profile, and so I decided to change mine -- I created a new profile (yesterday), moved everything there (while backing up all of the files on other hard drives), and so forth, and then deleted the presumably corrupted profile (and the temporary profile that I created since three profiles are needed to perform the transfer of data). After which the PC worked fine, and so I continued my work, saving all of my files (in folders on the desktop) before shutting down for the night.

This morning my (new) user account appears to have vanished: every time I restarted Windows 7, it continued to open temporary profiles; and naturally I cannot access the files I created yesterday (which still seem to be there -- since the used disk space on the C drive is the same as before):

- I tried the regedit fixes recommended on line (renaming the user profiles), without effect.

- I ran scandisk, which indicated that nothing was wrong, and the disc was clean. Still no effect.

- Then I tried deleting the .bak profile, which still produced no results.

- After that I tried system restore to a restore point 2 days prior to this issue, and got the 0xc0000022 error ("System Restore did not complete successfully. Your computer's system files and settings were not changed. Details: An unspecified error occurred during System Restore. (0xc0000022).) There are no other system restore points available. When I tried to reverse the system restore, the same error was received. All of my data (other than the work I did yesterday) has been stored on other drives (all of yesterday's work was saved, though the profile with which it is associated is the one I can not find -- I changed my picture, and the new picture is still associated with the profile, but the profile itself is empty: however, I have not deleted any files).

- I ran Microsoft Fix It and the KB890830 (MSERT) tools, but they indicate the PC is clean and without issues.

I ran through the series of scans that you suggested before, and most turned up nothing. Combofix deleted two files "prefs.js" and "debug.log" but nothing else.

As I said way-back-when, I am in South Korea, and this might be the result of some malware that some sort of spy agency has inserted (to repeat, my PC began to have issues following an episode where Tumblr tried to access pages that apparently were banned -- my suspicions were aroused due to the way in which Firefox attempted to open them: usually a notice appears indicating that the page is banned, and then I leave the page; but in this instance Firefox tried to open the page through my dashboard, though I do not know why it did so).

At any rate, if there is anything you can suggest, I would like to hear from you at your earliest convenience.

Thank you for your time.

-- Daniel M. Burkus

Broni · Mar 24, 2016

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Daniel Burkus · Mar 25, 2016

Bruni, my connection to the internet was lost. I have it back now and am running FRST in SafeMode (with networking). Will post the scan as soon as it is done.

Daniel Burkus · Mar 25, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Daniel M. Burkus (administrator) on PC (26-03-2016 10:57:01)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-03-26] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2016-03-26]
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-21]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * sdnclean.exeaswBoot.exe /A:C: /A:* STARTUP /L:1033 /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:C:\Program

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{64DEE58B-1BB1-4EC3-A5F5-F207663D912E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02] (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Extension: CacheViewer - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-03-24]
FF Extension: Restart Button - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\restartbutton@strk.jp.xpi [2016-03-24]
FF Extension: CacheViewer2 - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\cacheview2@scriptkitz.ml [2016-03-24]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\artur.dubovoy@gmail.com [2016-03-24]
FF Extension: AdBlock Ultimate - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-24]
FF Extension: Click to Play per-element - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-03-26]
FF Extension: Webmail Ad Blocker - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\gmailnoads@mywebber.com.xpi [2016-03-24]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-24]

Chrome:
=======
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (No Name) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-24]
CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-02] (AVAST Software)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153352 2015-10-20] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 A2DDA; C:\EEK\RUN\a2ddax86.sys [22056 2014-05-14] (Emsisoft GmbH)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-02] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-02] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-02] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-02] (AVAST Software)
S0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-02] (AVAST Software)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-05-14] (Emsisoft GmbH)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
S1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

Daniel Burkus · Mar 25, 2016

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 10:57 - 2016-03-26 10:57 - 00012962 _____ C:\Users\Daniel M. Burkus.PC\Desktop\FRST.txt
2016-03-26 10:55 - 2016-03-26 10:55 - 01725440 _____ (Farbar) C:\Users\Daniel M. Burkus.PC\Desktop\FRST.exe
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\Program Files\NETGEAR
2016-03-26 10:10 - 2010-02-03 11:20 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2016-03-26 10:10 - 2010-02-03 11:20 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\Packet.dll
2016-03-26 10:10 - 2010-02-03 11:20 - 00053299 _____ C:\Windows\system32\pthreadVC.dll
2016-03-26 10:10 - 2010-02-03 11:20 - 00050704 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2016-03-26 10:10 - 2009-11-06 08:37 - 00699896 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh6.sys
2016-03-26 10:10 - 2009-11-06 08:31 - 03862528 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 03551232 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 01176312 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2016-03-26 10:10 - 2007-01-19 18:20 - 00021728 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2016-03-26 09:31 - 2016-03-26 09:31 - 00032259 _____ C:\ComboFix.txt
2016-03-26 07:46 - 2016-03-26 10:57 - 00000000 ____D C:\FRST
2016-03-26 07:46 - 2016-03-26 09:43 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCANS
2016-03-26 07:03 - 2016-03-24 09:12 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160326-070351.backup
2016-03-25 18:43 - 2016-03-26 07:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-25 18:43 - 2016-03-25 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-25 17:00 - 2016-03-26 10:21 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\A - Software Shortcuts
2016-03-25 16:49 - 2016-03-26 09:33 - 00000000 ____D C:\Restore Removed Folders
2016-03-25 15:39 - 2016-03-25 15:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AVMedia Files
2016-03-25 14:57 - 2016-03-25 14:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\SUPERAntiSpyware.com
2016-03-25 09:15 - 2016-03-25 09:15 - 00000078 _____ C:\Users\Daniel M. Burkus.PC\Google Search URLs.txt
2016-03-25 07:49 - 2016-03-25 07:54 - 00000000 ____D C:\Program Files\Software by Design
2016-03-25 07:49 - 2016-03-25 07:49 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Software by Design
2016-03-25 07:49 - 2013-04-09 15:00 - 00086016 ____N (Software Design) C:\Windows\SDUnInst.exe
2016-03-25 07:33 - 2016-03-21 21:47 - 00001245 _____ C:\Users\Daniel M. Burkus.PC\Desktop\taskmanager.exe.lnk
2016-03-25 07:33 - 2016-03-14 07:41 - 00001480 _____ C:\Users\Daniel M. Burkus.PC\Desktop\KB LIST.txt.lnk
2016-03-25 07:33 - 2016-03-13 11:42 - 00000561 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Windows Update.lnk
2016-03-25 07:33 - 2016-01-30 07:40 - 00001483 _____ C:\Users\Daniel M. Burkus.PC\solitaire.lnk
2016-03-25 07:33 - 2016-01-30 07:40 - 00001353 _____ C:\Users\Daniel M. Burkus.PC\freecell.lnk
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2), Notes.txt
2016-03-24 22:25 - 2016-03-25 10:23 - 00007592 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1), Notes.txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4).txt
2016-03-24 22:23 - 2016-03-25 10:25 - 00000640 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1).txt
2016-03-24 22:23 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3).txt
2016-03-24 22:23 - 2016-03-25 09:21 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2).txt
2016-03-24 21:39 - 2016-03-24 21:40 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\14 - Bon-date no Densho
2016-03-24 21:37 - 2016-03-24 21:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\13 - Matsue Sotoku-ate no Densho
2016-03-24 20:56 - 2016-03-24 22:29 - 00000858 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2016-03-24 20:40 - 2016-03-24 20:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Blog Documents
2016-03-24 20:26 - 2016-03-24 20:26 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\WinRAR
2016-03-24 20:03 - 2016-03-24 20:03 - 00020660 _____ C:\Users\Daniel M. Burkus.PC\'To Santa Claus and Little Sisters' by Anonymous.htm
2016-03-24 19:46 - 2016-03-24 19:46 - 00931330 _____ C:\Users\Daniel M. Burkus.PC\Desktop\To Kill a Mockingbird (Harper Lee).pdf
2016-03-24 19:45 - 2016-03-24 19:45 - 00546794 _____ C:\Users\Daniel M. Burkus.PC\Desktop\The Perks of Being a Wallflower (Stephen Chbosky).pdf
2016-03-24 19:38 - 2016-03-24 19:38 - 00026680 _____ C:\Users\Daniel M. Burkus.PC\River Sumida.bmp
2016-03-24 19:18 - 2016-03-24 19:18 - 00000913 _____ C:\ProgramData\ReclaiMe.config
2016-03-24 19:18 - 2016-03-24 19:18 - 00000438 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-03-24 19:10 - 2016-03-24 19:12 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Foxit Software
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Adobe
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CEF
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
2016-03-24 16:22 - 2016-03-24 16:22 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\HWP
2016-03-24 16:17 - 2016-03-24 16:17 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IrfanView
2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\NVIDIA
2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
2016-03-24 13:40 - 2016-03-24 13:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Hnc
2016-03-24 13:15 - 2016-03-24 18:40 - 00000000 ____D C:\Program Files\Recuva
2016-03-24 13:15 - 2016-03-24 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-03-24 10:32 - 2016-03-24 10:32 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\ElevatedDiagnostics
2016-03-24 10:24 - 2016-03-24 10:24 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\MACRIUM
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\AVAST Software
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\Adobe
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\NVIDIA
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\Google
2016-03-24 09:57 - 2016-03-24 10:08 - 00000000 ____D C:\Users\Daniel M. Burkus (n)
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\My Documents
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Videos
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Pictures
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Music
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\VirtualStore
2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\SUPERAntiSpyware.com
2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\AVAST Software
2016-03-24 08:57 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-24 08:57 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-24 08:57 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-24 08:52 - 2016-03-24 10:06 - 00000000 ____D C:\Scans to Run
2016-03-24 08:48 - 2016-03-26 09:31 - 00000000 ____D C:\Qoobox
2016-03-24 08:45 - 2016-03-24 08:45 - 01725440 _____ (Farbar) C:\FRST.exe
2016-03-24 08:40 - 2016-03-24 08:40 - 05658151 ____R (Swearware) C:\ComboFix.exe
2016-03-24 08:37 - 2016-03-24 08:37 - 00064568 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Macromedia
2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Macromedia
2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla
2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Mozilla
2016-03-24 08:00 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Adobe
2016-03-24 08:00 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NVIDIA
2016-03-24 08:00 - 2016-03-24 08:00 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
2016-03-24 07:59 - 2016-03-26 09:31 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
2016-03-24 07:59 - 2016-03-25 18:48 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\VirtualStore
2016-03-24 07:59 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Google
2016-03-24 07:59 - 2016-03-24 07:59 - 00001413 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 07:59 - 2016-03-24 07:59 - 00000020 ___SH C:\Users\Daniel M. Burkus.PC\ntuser.ini
2016-03-24 07:59 - 2016-03-24 07:59 - 00000000 _SHDL C:\Users\Daniel M. Burkus.PC\My Documents
2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Macromedia
2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Macromedia
2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Mozilla
2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Mozilla
2016-03-24 07:46 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\NVIDIA
2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\AVAST Software
2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Adobe
2016-03-24 07:45 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.001\Virtual Machines
2016-03-24 07:45 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Google
2016-03-24 07:45 - 2016-03-24 07:47 - 00002201 _____ C:\Users\TEMP.PC.001\Desktop\Google Chrome.lnk
2016-03-24 07:45 - 2016-03-24 07:45 - 00001413 _____ C:\Users\TEMP.PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 07:44 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.001
2016-03-24 07:44 - 2016-03-24 07:44 - 00000020 ___SH C:\Users\TEMP.PC.001\ntuser.ini
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\My Documents
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Videos
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Pictures
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Music
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\VirtualStore
2016-03-24 07:43 - 2016-03-24 07:43 - 00003528 ____N C:\bootsqm.dat
2016-03-24 06:46 - 2016-03-24 06:46 - 00064568 _____ C:\Users\TEMP.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 06:40 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.000\Virtual Machines
2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\NVIDIA
2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\Google
2016-03-24 06:40 - 2016-03-24 06:42 - 00002201 _____ C:\Users\TEMP.PC.000\Desktop\Google Chrome.lnk
2016-03-24 06:40 - 2016-03-24 06:40 - 00001413 _____ C:\Users\TEMP.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\AVAST Software
2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\Adobe
2016-03-24 06:39 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.000
2016-03-24 06:39 - 2016-03-24 06:39 - 00000020 ___SH C:\Users\TEMP.PC.000\ntuser.ini
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\My Documents
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Videos
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Pictures
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Music
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\VirtualStore
2016-03-24 06:28 - 2016-03-24 06:28 - 00064568 _____ C:\Users\TEMP.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\AVAST Software
2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\Adobe
2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC\Virtual Machines
2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC

Daniel Burkus · Mar 25, 2016

___D C:\Users\TEMP.PC\AppData\Local\NVIDIA
2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\Google
2016-03-24 06:27 - 2016-03-24 06:29 - 00002201 _____ C:\Users\TEMP.PC\Desktop\Google Chrome.lnk
2016-03-24 06:27 - 2016-03-24 06:27 - 00001413 _____ C:\Users\TEMP.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 06:27 - 2016-03-24 06:27 - 00000020 ___SH C:\Users\TEMP.PC\ntuser.ini
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\My Documents
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Videos
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Pictures
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Music
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\VirtualStore
2016-03-23 21:17 - 2016-03-23 21:17 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 21:17 - 2016-03-23 21:17 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 16:09 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Public\Foxit Software
2016-03-23 15:47 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2016-03-23 15:46 - 2016-03-23 22:31 - 00000000 ____D C:\Users\TEMP
2016-03-23 15:46 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2016-03-20 06:01 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-20 06:01 - 2016-03-20 06:01 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-03-20 06:00 - 2016-03-20 06:00 - 00000000 ____D C:\Program Files\Foxit Software
2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord
2016-03-17 08:50 - 2016-03-17 09:06 - 00000000 ____D C:\FreeOCR
2016-03-17 08:50 - 2016-03-17 08:50 - 00000000 ____D C:\Program Files\AbleWord
2016-03-17 08:50 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx
2016-03-13 16:00 - 2016-02-12 03:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-13 16:00 - 2016-02-12 03:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-13 16:00 - 2016-02-12 03:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-13 16:00 - 2016-02-12 03:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-13 16:00 - 2016-02-12 03:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-13 16:00 - 2016-02-12 03:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-13 16:00 - 2016-02-12 03:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-13 16:00 - 2016-02-12 03:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-13 16:00 - 2016-02-12 03:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-13 16:00 - 2016-02-12 03:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-13 16:00 - 2016-02-12 03:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-13 16:00 - 2016-02-12 03:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-13 16:00 - 2016-02-12 02:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-13 16:00 - 2016-02-12 02:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-13 16:00 - 2016-02-12 02:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-13 16:00 - 2016-02-12 02:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-13 16:00 - 2016-02-12 02:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-13 16:00 - 2016-02-12 02:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-13 16:00 - 2016-02-12 02:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-13 16:00 - 2016-02-12 02:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-13 16:00 - 2016-02-12 02:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-13 15:59 - 2016-02-05 02:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-13 15:58 - 2016-02-06 03:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-13 15:58 - 2016-02-06 03:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-13 15:58 - 2016-02-06 03:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-13 15:58 - 2016-02-06 02:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-13 15:58 - 2016-02-06 02:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-13 15:58 - 2016-02-05 03:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-13 15:58 - 2016-02-04 03:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-13 15:58 - 2016-02-04 03:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-13 15:58 - 2016-02-04 03:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-13 15:58 - 2016-02-04 02:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-13 12:27 - 2016-03-13 12:27 - 00000000 ____D C:\Windows\CheckSur
2016-03-13 09:48 - 2016-03-11 07:45 - 00006262 _____ C:\Windows\system32\Drivers\etc\hosts.20160313-094841.backup
2016-03-11 08:30 - 2016-03-26 06:30 - 00000000 ____D C:\Program Files\Google
2016-03-11 07:46 - 2016-03-11 07:46 - 00000000 ___HD C:\$windows.~bt
2016-03-11 07:42 - 2016-03-11 07:42 - 00000000 ____D C:\Program Files\AEGIS-Voat
2016-03-11 07:31 - 2016-03-11 07:31 - 00000000 ____D C:\2d3f5ed3ad81cf6d8f1e358b68f9
2016-03-10 21:46 - 2016-03-26 09:02 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-10 21:10 - 2016-02-09 18:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 06:03 - 2016-03-17 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Adobe
2016-03-02 07:31 - 2016-03-02 07:30 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-02 07:30 - 2016-03-02 07:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-01 22:38 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct MIDI to MP3 Converter
2016-03-01 22:38 - 2016-03-01 22:38 - 00000000 ____D C:\Program Files\Direct MIDI to MP3 Converter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 10:52 - 2016-02-13 21:56 - 01127562 _____ C:\Windows\ntbtlog.txt
2016-03-26 10:48 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-26 10:48 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-26 10:19 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-26 10:19 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-26 10:16 - 2016-01-29 02:16 - 00429336 _____ C:\Windows\system32\perfh012.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00417690 _____ C:\Windows\system32\perfh011.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00401934 _____ C:\Windows\system32\prfh0404.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00384862 _____ C:\Windows\system32\prfh0804.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00122062 _____ C:\Windows\system32\perfc011.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00120346 _____ C:\Windows\system32\perfc012.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00119554 _____ C:\Windows\system32\prfc0804.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00115052 _____ C:\Windows\system32\prfc0404.dat
2016-03-26 10:16 - 2016-01-29 01:16 - 02850866 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
2016-03-26 10:04 - 2016-02-19 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-26 09:25 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
2016-03-26 09:22 - 2016-02-19 14:55 - 00000000 ____D C:\Windows\erdnt
2016-03-26 08:26 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-26 07:53 - 2016-01-29 16:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-26 06:29 - 2016-01-29 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-26 06:29 - 2016-01-29 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-25 07:56 - 2009-07-14 11:04 - 00000442 _____ C:\Windows\win.ini
2016-03-24 18:03 - 2016-01-29 05:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-24 18:03 - 2016-01-29 05:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-24 10:31 - 2016-01-29 01:39 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-24 10:08 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Daniel Burkus
2016-03-24 10:07 - 2016-02-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-24 10:07 - 2016-02-18 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADS Scanner 2
2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-24 10:07 - 2016-02-06 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-24 10:07 - 2016-01-30 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-03-24 10:07 - 2016-01-30 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-03-24 10:07 - 2016-01-30 08:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2016-03-24 10:07 - 2016-01-30 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
2016-03-24 10:07 - 2016-01-30 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-24 10:07 - 2016-01-30 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-03-24 10:07 - 2016-01-29 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-24 10:07 - 2016-01-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-03-24 10:07 - 2016-01-29 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-03-24 10:07 - 2016-01-29 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
2016-03-24 10:07 - 2016-01-29 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2016-03-24 10:07 - 2016-01-29 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2016-03-24 10:07 - 2016-01-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-03-24 10:07 - 2016-01-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-24 10:07 - 2016-01-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-24 10:07 - 2016-01-29 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\Adobe
2016-03-24 10:07 - 2016-01-29 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-24 10:07 - 2009-07-14 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-24 10:06 - 2016-01-29 16:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-24 10:06 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 10:06 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
2016-03-24 09:38 - 2016-01-29 02:52 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Local\NVIDIA
2016-03-24 09:16 - 2016-01-30 09:26 - 00000000 ____D C:\Users\Daniel M. Burkus
2016-03-23 22:31 - 2016-01-29 20:10 - 00000000 ____D C:\Users\TEMP\Desktop\WORK
2016-03-23 22:30 - 2016-01-29 16:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2016-03-23 22:30 - 2016-01-29 04:56 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2016-03-22 14:45 - 2016-02-21 08:57 - 00000979 _____ C:\DelFix.txt
2016-03-21 06:49 - 2016-01-29 16:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-20 05:56 - 2016-02-12 06:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-19 13:48 - 2016-01-29 05:05 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2016-03-18 15:40 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-15 09:38 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\rescache
2016-03-14 16:02 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-13 22:51 - 2016-01-29 01:39 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 20:20 - 2009-07-14 13:33 - 00309064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 08:52 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-11 08:11 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\DVD Maker
2016-03-11 08:11 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\tracing
2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 14:09 - 2016-01-29 16:20 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-01-29 16:20 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-01-29 16:20 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 06:53 - 2016-01-29 16:31 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-10 06:53 - 2016-01-29 16:31 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU(32).TXT
2016-03-09 06:38 - 2016-01-29 16:01 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-09 06:02 - 2016-01-30 08:05 - 00000000 ____D C:\ProgramData\Adobe
2016-03-02 08:28 - 2016-01-29 21:31 - 00000000 ____D C:\Program Files\WinRAR
2016-03-02 07:32 - 2016-01-29 16:31 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-02 07:32 - 2016-01-29 16:31 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-02 07:31 - 2016-01-29 16:31 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-01 16:56 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160306-120250.backup
2016-02-29 18:11 - 2016-01-29 21:02 - 00000000 ____D C:\Program Files\Audacity
2016-02-29 18:08 - 2016-01-29 21:02 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-29 09:06 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-165623.backup

==================== Files in the root of some directories =======

2016-03-24 19:18 - 2016-03-24 19:18 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-03-24 19:18 - 2016-03-24 19:18 - 0000913 _____ () C:\ProgramData\ReclaiMe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2016-01-31 08:35] - [2009-07-14 10:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-19 12:03

==================== End of FRST.txt ============================

Daniel Burkus · Mar 25, 2016

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Daniel M. Burkus (2016-03-26 10:58:04)
Running from C:\Users\Daniel M. Burkus.PC\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24EAC4BE-B459-44E4-9847-02174A676EA0} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {2E7584C7-0090-4DE2-AAE4-03D7F7D4A87D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-02] (AVAST Software)
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {B9B5EEE0-7447-4EC2-A8EB-FC19790E5369} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8C7DDD9-1767-446A-AE61-65105B310ABB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7882 more sites.

IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

There are 7880 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:04 - 2016-03-26 09:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{763C9D5E-ECFE-4D3A-AF81-CC4EBB84CF83}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{B8C3A556-31F9-4237-BA72-805C9C7E79A6}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E7E15744-6AA7-40EA-87BE-E5FD2DC12D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBC611D-95BA-48BA-AC62-BC052843BA17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-03-2016 14:44:42 End of disinfection
24-03-2016 09:30:16 Restore Operation
26-03-2016 07:32:02 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 07:33:55 Device Driver Package Install: NETGEAR Inc. Network Protocol
26-03-2016 09:05:32 JRT Pre-Junkware Removal
26-03-2016 10:06:08 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 10:10:12 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 10:11:04 Device Driver Package Install: NETGEAR Inc. Network Protocol

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2016 10:52:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 10:52:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 10:48:26 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 10:48:26 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 10:20:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 10:20:10 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 10:06:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fce634df-d2be-4922-80d0-d09090128ed2}

Error: (03/26/2016 10:04:31 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 10:04:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 09:44:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: services.exe, version: 6.1.7601.18829, time stamp: 0x552b22e1
Faulting module name: ntdll.dll, version: 6.1.7601.19160, time stamp: 0x56bcd4d2
Exception code: 0xc0000005
Fault offset: 0x00030388
Faulting process id: 0x244
Faulting application start time: 0xservices.exe0
Faulting application path: services.exe1
Faulting module path: services.exe2
Report Id: services.exe3

System errors:
=============
Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:56:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/26/2016 10:53:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 26%
Total physical RAM: 3071.3 MB
Available physical RAM: 2254.5 MB
Total Virtual: 6140.93 MB
Available Virtual: 5380 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:199.92 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:66.61 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:67.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Mar 25, 2016

Any particular reason for Safe Mode?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Daniel Burkus · Mar 26, 2016

Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/26/2016
Scan Time: 11:55 AM
Logfile: Malwarebytes Scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.25.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Daniel M. Burkus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 569511
Time Elapsed: 20 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Daniel Burkus · Mar 26, 2016

AdwareCleaner:

# AdwCleaner v5.105 - Logfile created 26/03/2016 at 13:07:37
# Updated 21/03/2016 by Xplode
# Database : 2016-03-20.7 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Daniel M. Burkus - PC
# Running from : C:\Users\Daniel M. Burkus.PC\Desktop\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [847 bytes] - [26/03/2016 13:07:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [902 bytes] - [26/03/2016 12:54:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [991 bytes] ##########

Daniel Burkus · Mar 26, 2016

JunkwareRemovalTool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x86
Ran by Daniel M. Burkus (Administrator) on Sat 03/26/2016 at 13:10:52.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 16

Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43OFRK3P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DOYFYQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADB3U0CI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW7SEP82 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JK9K8AE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCV1VR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5R5PHRE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Daniel M. Burkus.PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5I8LIUT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43OFRK3P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DOYFYQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADB3U0CI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW7SEP82 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JK9K8AE1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCV1VR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q5R5PHRE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5I8LIUT (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/26/2016 at 13:15:23.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Daniel Burkus · Mar 26, 2016

Earlier this morning I ran most of these scans. There were things on the RogueKiller scan (in addition to 5 or 6 pups that I did not take note of) that did not appear on the later scans:

SSDT:Inl (Hook.SSDT) (Path) 99, ZwDeleteAtom
(Data) win32k.sys, C:\Windows\System32\win32k.sys @
0xffffffff9e0f7f46

SSDT:Inl (Hook.SSDT) (Path) 129, ZwFlushWriteBuffer
(Data) halmacpi.dll, C:\Windows \System32\halmacpi.dll @ 0xffffffff82c15468

(Unfortunately I did not notice how to save the log -- as I explained, my eyesight is not good, and I can only see things that I am looking at directly. Buttons on the bottom of windows are not in my field of vision unless I look for them.)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The first RogueKiller scan:

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Daniel M. Burkus [Administrator]
Started from : C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/26/2016 11:25:03

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] aich2zne.default : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] b1a2fd097a23ca69b6b12abaa342e59f
[BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] 049945051fe77a2a7945126d5255a9c2
[BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] d151fc54efa59ff995497b97b7e64c5e
[BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Daniel Burkus · Mar 26, 2016

The second RogueKiller scan:

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Daniel M. Burkus [Administrator]
Started from : C:\Users\Daniel M. Burkus.PC\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/26/2016 11:53:51

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff9e1a7f46 (call dword [0x82d3dd14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff83039468 (call dword [0x82c140b4])

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] aich2zne.default : user_pref("browser.startup.homepage", "https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https://mail.yahoo.com"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] b1a2fd097a23ca69b6b12abaa342e59f
[BSP] ce62516d74e7e2fae782be4f7008cdb8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] 049945051fe77a2a7945126d5255a9c2
[BSP] 320f4a557e8738f56ad4a861745f1b0e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238372 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG SP2504C ATA Device +++++
--- User ---
[MBR] d151fc54efa59ff995497b97b7e64c5e
[BSP] bac9892ba4763ddb0e6fe1b910530a9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238472 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Sorry for the mix-up -- I think I forgot to attach these scans earlier.

Broni · Mar 26, 2016

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Daniel Burkus · Mar 26, 2016

ComboFix 16-03-19.01 - Daniel M. Burkus 03/26/2016 21:10:04.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2001 [GMT 9:00]
Running from: c:\my documents\A - Software Shortcuts\Malware Scanning Tools\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2016-02-26 to 2016-03-26 )))))))))))))))))))))))))))))))
.
.
2016-03-26 12:23 . 2016-03-26 12:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\offreg.3064.dll
2016-03-26 12:21 . 2016-03-26 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-26 08:13 . 2016-03-26 08:15 -------- d-----w- C:\My Documents
2016-03-26 03:54 . 2016-03-26 04:07 -------- d-----w- C:\AdwCleaner
2016-03-26 01:10 . 2009-11-05 23:37 699896 ----a-w- c:\windows\system32\drivers\bcmwlhigh6.sys
2016-03-26 01:10 . 2009-11-05 23:31 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2016-03-26 01:10 . 2009-11-05 23:31 3862528 ----a-w- c:\windows\system32\bcmihvsrv.dll
2016-03-26 01:10 . 2009-11-05 23:31 3551232 ----a-w- c:\windows\system32\bcmihvui.dll
2016-03-26 01:10 . 2009-11-05 23:31 1176312 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2016-03-26 01:10 . 2007-01-19 09:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2016-03-26 01:10 . 2016-03-26 01:10 -------- d-----w- c:\program files\NETGEAR
2016-03-26 01:10 . 2010-02-03 02:20 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2016-03-26 01:10 . 2016-03-26 01:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-03-26 00:23 . 2016-03-26 00:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\offreg.3088.dll
2016-03-25 22:46 . 2016-03-26 02:00 -------- d-----w- C:\FRST
2016-03-25 09:43 . 2016-03-26 10:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2016-03-25 07:49 . 2016-03-26 00:33 -------- d-----w- C:\Restore Removed Folders
2016-03-24 22:49 . 2016-03-24 22:54 -------- d-----w- c:\program files\Software by Design
2016-03-24 22:49 . 2013-04-09 06:00 86016 ------w- c:\windows\SDUnInst.exe
2016-03-24 04:15 . 2016-03-24 09:40 -------- d-----w- c:\program files\Recuva
2016-03-24 00:57 . 2016-03-24 01:08 -------- d-----w- c:\users\Daniel M. Burkus (n)
2016-03-23 23:52 . 2016-03-24 01:06 -------- d-----w- C:\Scans to Run
2016-03-23 22:59 . 2016-03-26 12:05 -------- d-----w- c:\users\Daniel M. Burkus.PC
2016-03-23 12:17 . 2016-03-23 12:17 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-03-23 07:09 . 2016-03-24 01:06 -------- d-----w- c:\users\Public\Foxit Software
2016-03-23 06:46 . 2016-03-23 13:31 -------- d-----w- c:\users\TEMP
2016-03-22 00:16 . 2016-02-19 01:31 9067696 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DF552FB-27CD-4D28-BB1B-852BC96D8CA1}\mpengine.dll
2016-03-19 21:01 . 2016-03-19 21:01 -------- d-----w- c:\programdata\Foxit ContentPlatform
2016-03-19 21:00 . 2016-03-19 21:00 -------- d-----w- c:\program files\Foxit Software
2016-03-16 23:50 . 2016-03-16 23:50 -------- d-----w- c:\program files\AbleWord
2016-03-16 23:50 . 2007-03-10 01:11 2680320 ----a-w- c:\windows\system32\ImageEnXLibrary.ocx
2016-03-16 23:50 . 2016-03-17 00:06 -------- d-----w- C:\FreeOCR
2016-03-13 13:46 . 2016-03-13 13:47 54887136 ----a-w- c:\program files\Windows Defender\Windows-KB890830-V5.34.exe
2016-03-13 06:59 . 2016-02-04 17:46 2387456 ----a-w- c:\windows\system32\win32k.sys
2016-03-13 06:58 . 2016-02-04 18:41 296448 ----a-w- c:\windows\system32\mfds.dll
2016-03-13 06:58 . 2016-02-03 18:49 90624 ----a-w- c:\windows\system32\olepro32.dll
2016-03-13 06:58 . 2016-02-03 18:49 572416 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-13 06:58 . 2016-02-03 18:43 67584 ----a-w- c:\windows\system32\asycfilt.dll
2016-03-13 06:58 . 2016-02-05 18:44 26112 ----a-w- c:\windows\system32\lpk.dll
2016-03-13 06:58 . 2016-02-05 18:44 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-03-13 06:58 . 2016-02-05 18:42 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-03-13 06:58 . 2016-02-05 17:43 299520 ----a-w- c:\windows\system32\atmfd.dll
2016-03-13 06:58 . 2016-02-05 17:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-03-13 03:27 . 2016-03-13 03:27 -------- d-----w- c:\windows\CheckSur
2016-03-10 23:30 . 2016-03-25 21:30 -------- d-----w- c:\program files\Google
2016-03-10 22:46 . 2016-03-10 22:46 -------- d--h--w- C:\$windows.~bt
2016-03-10 22:42 . 2016-03-10 22:42 -------- d-----w- c:\program files\AEGIS-Voat
2016-03-10 22:31 . 2016-03-10 22:31 -------- d-----w- C:\2d3f5ed3ad81cf6d8f1e358b68f9
2016-03-10 12:46 . 2016-03-26 00:02 -------- d-----w- c:\program files\AdwCleaner
2016-03-10 12:10 . 2016-02-09 09:50 21504 ----a-w- c:\windows\system32\seclogon.dll
2016-03-08 21:03 . 2016-03-08 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2016-03-01 22:31 . 2016-03-01 22:30 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-03-01 22:30 . 2016-03-01 22:30 52184 ----a-w- c:\windows\avastSS.scr
2016-03-01 13:38 . 2016-03-01 13:38 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-26 02:55 . 2016-01-29 07:21 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-26 02:39 . 2016-02-15 05:58 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-24 09:03 . 2016-01-28 20:02 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-24 09:03 . 2016-01-28 20:02 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-10 05:09 . 2016-01-29 07:20 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 05:08 . 2016-01-29 07:20 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 05:08 . 2016-01-29 07:20 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-09 21:53 . 2016-01-29 07:31 816304 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-03-09 21:53 . 2016-01-29 07:31 91168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2016-03-01 22:32 . 2016-01-29 07:31 447848 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-03-01 22:32 . 2016-01-29 07:31 221240 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-03-01 22:31 . 2016-01-29 07:31 127432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-03-01 22:30 . 2016-01-29 07:31 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-03-01 22:30 . 2016-01-29 07:31 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-03-01 22:30 . 2016-01-29 07:31 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-02-14 03:58 . 2016-02-19 21:20 134928 ----a-w- c:\windows\system32\drivers\SIVX32.sys
2016-02-02 12:45 . 2016-02-02 12:45 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2016-01-30 17:42 . 2016-01-30 17:42 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2016-01-30 17:42 . 2016-01-30 17:42 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2016-01-30 17:42 . 2016-01-30 17:42 220160 ----a-w- c:\windows\system32\d3d10core.dll
2016-01-30 17:42 . 2016-01-30 17:42 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2016-01-30 17:42 . 2016-01-30 17:42 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2016-01-30 17:42 . 2016-01-30 17:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2016-01-30 17:42 . 2016-01-30 17:42 1080832 ----a-w- c:\windows\system32\d3d10.dll
2016-01-30 17:42 . 2016-01-30 17:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-01-30 17:42 . 2016-01-30 17:42 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2016-01-30 17:42 . 2016-01-30 17:42 293376 ----a-w- c:\windows\system32\dxgi.dll
2016-01-30 17:42 . 2016-01-30 17:42 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2016-01-29 13:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2016-01-22 07:56 . 2016-01-29 10:14 89008 ----a-w- c:\windows\system32\cpwmon2k.dll
2016-01-22 06:06 . 2016-02-09 23:11 169984 ----a-w- c:\windows\system32\winsrv.dll
2016-01-22 06:04 . 2016-02-09 23:11 642048 ----a-w- c:\windows\system32\CPFilters.dll
2016-01-22 06:04 . 2016-02-09 23:11 535040 ----a-w- c:\windows\system32\EncDec.dll
2016-01-22 06:02 . 2016-02-09 23:11 114176 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-22 06:02 . 2016-02-09 23:11 176128 ----a-w- c:\windows\system32\msorcl32.dll
2016-01-22 06:02 . 2016-02-09 23:11 293888 ----a-w- c:\windows\system32\KernelBase.dll
2016-01-22 05:59 . 2016-02-09 23:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-22 05:59 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-22 05:01 . 2016-02-09 23:11 271360 ----a-w- c:\windows\system32\conhost.exe
2016-01-22 04:51 . 2016-02-09 23:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 23:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 23:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-22 04:51 . 2016-02-09 23:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-16 18:36 . 2016-02-09 23:10 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-01-07 17:35 . 2016-02-09 23:10 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-01-06 18:41 . 2016-02-09 23:10 216064 ----a-w- c:\windows\system32\InkEd.dll
2016-01-06 17:56 . 2016-02-09 23:10 19968 ----a-w- c:\windows\system32\jnwmon.dll
2016-01-06 17:56 . 2016-02-09 23:10 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2014-03-07 01:03 3109520 --sha-r- c:\windows\System32\avcodec-lav-55.dll
2014-03-07 01:03 98960 --sha-r- c:\windows\System32\avfilter-lav-4.dll
2014-03-07 01:03 550032 --sha-r- c:\windows\System32\avformat-lav-55.dll
2009-09-27 00:39 415744 --sh--w- c:\windows\System32\avisynth.dll
2014-03-07 01:03 59536 --sha-r- c:\windows\System32\avresample-lav-1.dll
2005-07-14 03:31 32256 --sh--w- c:\windows\System32\AVSredirect.dll
2014-03-07 01:03 181392 --sha-r- c:\windows\System32\avutil-lav-52.dll
2004-02-22 01:11 764416 --sh--w- c:\windows\System32\devil.dll
2014-03-07 01:03 122512 --sha-r- c:\windows\System32\HLaudio.dll
2014-03-07 01:03 203408 --sha-r- c:\windows\System32\HLsplit.dll
2014-03-07 01:03 313520 --sha-r- c:\windows\System32\HLvideo.dll
2004-01-24 15:00 70656 --sh--w- c:\windows\System32\i420vfw.dll
2014-03-07 01:03 166544 --sha-r- c:\windows\System32\IntelQuickSyncDecoder.dll
2014-03-07 01:03 109712 --sha-r- c:\windows\System32\libbluray.dll
2011-02-11 00:26 112128 --sha-r- c:\windows\System32\OptimFROG.dll
2014-03-07 01:03 118416 --sha-r- c:\windows\System32\swscale-lav-2.dll
2010-01-06 14:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
2012-10-05 09:54 188416 --sha-r- c:\windows\System32\winDCE32.dll
2004-01-24 15:00 70656 --sh--w- c:\windows\System32\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-03-01 22:30 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-03-25 6825888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-02-19 1793736]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-03-23 7139256]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-01-29 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2016-3-26 4577760]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2016-2-2 605400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"4.27.253.253,255.255.255.255,0.0.0.0,1"=""
"8.12.223.254,255.255.255.255,0.0.0.0,1"=""
"8.26.206.252,255.255.255.255,0.0.0.0,1"=""
"8.26.207.126,255.255.255.255,0.0.0.0,1"=""
"8.26.209.126,255.255.255.255,0.0.0.0,1"=""
"8.26.210.126,255.255.255.255,0.0.0.0,1"=""
"8.254.56.254,255.255.255.255,0.0.0.0,1"=""
"8.254.58.254,255.255.255.255,0.0.0.0,1"=""
"8.254.233.126,255.255.255.255,0.0.0.0,1"=""
"8.254.240.126,255.255.255.255,0.0.0.0,1"=""
"8.254.248.254,255.255.255.255,0.0.0.0,1"=""
"23.15.21.165,255.255.255.255,0.0.0.0,1"=""
"23.47.87.76,255.255.255.255,0.0.0.0,1"=""
"23.52.88.70,255.255.255.255,0.0.0.0,1"=""
"23.96.212.225,255.255.255.255,0.0.0.0,1"=""
"23.98.49.14,255.255.255.255,0.0.0.0,1"=""
"23.103.189.125,255.255.255.255,0.0.0.0,1"=""
"23.211.123.156,255.255.255.255,0.0.0.0,1"=""
"31.13.73.2,255.255.255.255,0.0.0.0,1"=""
"40.117.230.39,255.255.255.255,0.0.0.0,1"=""
"54.243.53.207,255.255.255.255,0.0.0.0,1"=""
"54.243.135.126,255.255.255.255,0.0.0.0,1"=""
"63.241.108.111,255.255.255.255,0.0.0.0,1"=""
"63.241.108.124,255.255.255.255,0.0.0.0,1"=""
"64.4.6.100,255.255.255.255,0.0.0.0,1"=""
"64.4.54.32,255.255.255.255,0.0.0.0,1"=""
"64.4.54.116,255.255.255.255,0.0.0.0,1"=""
"64.4.54.165,255.255.255.255,0.0.0.0,1"=""
"64.4.54.167,255.255.255.255,0.0.0.0,1"=""
"64.4.54.253,255.255.255.255,0.0.0.0,1"=""
"64.4.54.254,255.255.255.255,0.0.0.0,1"=""
"65.52.100.7,255.255.255.255,0.0.0.0,1"=""
"65.52.100.9,255.255.255.255,0.0.0.0,1"=""
"65.52.100.11,255.255.255.255,0.0.0.0,1"=""
"65.52.100.91,255.255.255.255,0.0.0.0,1"=""
"65.52.100.92,255.255.255.255,0.0.0.0,1"=""
"65.52.100.93,255.255.255.255,0.0.0.0,1"=""
"65.52.100.94,255.255.255.255,0.0.0.0,1"=""
"65.52.108.2,255.255.255.255,0.0.0.0,1"=""
"65.52.108.3,255.255.255.255,0.0.0.0,1"=""
"65.52.108.11,255.255.255.255,0.0.0.0,1"=""
"65.52.108.27,255.255.255.255,0.0.0.0,1"=""
"65.52.108.29,255.255.255.255,0.0.0.0,1"=""
"65.52.108.33,255.255.255.255,0.0.0.0,1"=""
"65.52.108.52,255.255.255.255,0.0.0.0,1"=""
"65.52.108.56,255.255.255.255,0.0.0.0,1"=""
"65.52.108.59,255.255.255.255,0.0.0.0,1"=""
"65.52.108.90,255.255.255.255,0.0.0.0,1"=""
"65.52.108.92,255.255.255.255,0.0.0.0,1"=""
"65.52.108.153,255.255.255.255,0.0.0.0,1"=""
"65.52.108.154,255.255.255.255,0.0.0.0,1"=""
"65.52.108.251,255.255.255.255,0.0.0.0,1"=""
"65.52.108.254,255.255.255.255,0.0.0.0,1"=""
"65.54.192.248,255.255.255.255,0.0.0.0,1"=""
"65.54.226.187,255.255.255.255,0.0.0.0,1"=""
"65.55.2.2,255.255.255.255,0.0.0.0,1"=""
"65.55.29.238,255.255.255.255,0.0.0.0,1"=""
"65.55.39.10,255.255.255.255,0.0.0.0,1"=""
"65.55.44.82,255.255.255.255,0.0.0.0,1"=""
"65.55.44.108,255.255.255.255,0.0.0.0,1"=""
"65.55.44.109,255.255.255.255,0.0.0.0,1"=""
"65.55.52.23,255.255.255.255,0.0.0.0,1"=""
"65.55.108.23,255.255.255.255,0.0.0.0,1"=""
"65.55.113.11,255.255.255.255,0.0.0.0,1"=""
"65.55.113.12,255.255.255.255,0.0.0.0,1"=""
"65.55.113.13,255.255.255.255,0.0.0.0,1"=""
"65.55.128.80,255.255.255.255,0.0.0.0,1"=""
"65.55.128.81,255.255.255.255,0.0.0.0,1"=""
"65.55.149.120,255.255.255.255,0.0.0.0,1"=""
"65.55.163.222,255.255.255.255,0.0.0.0,1"=""
"65.55.227.188,255.255.255.255,0.0.0.0,1"=""
"65.55.252.43,255.255.255.255,0.0.0.0,1"=""
"65.55.252.63,255.255.255.255,0.0.0.0,1"=""
"65.55.252.71,255.255.255.255,0.0.0.0,1"=""
"65.55.252.93,255.255.255.255,0.0.0.0,1"=""
"65.55.252.190,255.255.255.255,0.0.0.0,1"=""
"66.119.144.158,255.255.255.255,0.0.0.0,1"=""
"66.119.152.204,255.255.255.255,0.0.0.0,1"=""
"66.235.138.193,255.255.255.255,0.0.0.0,1"=""
"66.235.138.194,255.255.255.255,0.0.0.0,1"=""
"66.235.138.195,255.255.255.255,0.0.0.0,1"=""
"66.235.139.17,255.255.255.255,0.0.0.0,1"=""
"66.235.139.18,255.255.255.255,0.0.0.0,1"=""
"66.235.139.19,255.255.255.255,0.0.0.0,1"=""
"66.235.139.205,255.255.255.255,0.0.0.0,1"=""
"66.235.139.206,255.255.255.255,0.0.0.0,1"=""
"66.235.139.207,255.255.255.255,0.0.0.0,1"=""
"68.67.152.1,255.255.255.255,0.0.0.0,1"=""
"68.67.152.4,255.255.255.255,0.0.0.0,1"=""
"68.67.152.5,255.255.255.255,0.0.0.0,1"=""
"68.67.152.6,255.255.255.255,0.0.0.0,1"=""
"68.67.152.7,255.255.255.255,0.0.0.0,1"=""
"68.67.152.8,255.255.255.255,0.0.0.0,1"=""
"68.67.152.91,255.255.255.255,0.0.0.0,1"=""
"68.67.152.94,255.255.255.255,0.0.0.0,1"=""
"68.67.152.97,255.255.255.255,0.0.0.0,1"=""
"68.67.152.103,255.255.255.255,0.0.0.0,1"=""
"68.67.152.110,255.255.255.255,0.0.0.0,1"=""
"68.67.152.120,255.255.255.255,0.0.0.0,1"=""
"68.67.152.131,255.255.255.255,0.0.0.0,1"=""
"68.67.152.132,255.255.255.255,0.0.0.0,1"=""
"68.67.152.167,255.255.255.255,0.0.0.0,1"=""
"68.67.152.172,255.255.255.255,0.0.0.0,1"=""
"68.67.152.173,255.255.255.255,0.0.0.0,1"=""
"68.67.152.174,255.255.255.255,0.0.0.0,1"=""
"68.67.153.37,255.255.255.255,0.0.0.0,1"=""
"68.67.153.40,255.255.255.255,0.0.0.0,1"=""
"68.67.153.44,255.255.255.255,0.0.0.0,1"=""
"68.67.153.87,255.255.255.255,0.0.0.0,1"=""
"68.67.153.89,255.255.255.255,0.0.0.0,1"=""
"68.67.176.42,255.255.255.255,0.0.0.0,1"=""
"68.67.176.43,255.255.255.255,0.0.0.0,1"=""
"68.67.176.44,255.255.255.255,0.0.0.0,1"=""
"68.67.176.47,255.255.255.255,0.0.0.0,1"=""
"68.67.176.48,255.255.255.255,0.0.0.0,1"=""
"68.67.176.50,255.255.255.255,0.0.0.0,1"=""
"68.67.176.51,255.255.255.255,0.0.0.0,1"=""
"68.67.176.52,255.255.255.255,0.0.0.0,1"=""
"68.67.176.128,255.255.255.255,0.0.0.0,1"=""
"68.67.176.129,255.255.255.255,0.0.0.0,1"=""
"68.67.176.145,255.255.255.255,0.0.0.0,1"=""
"68.67.176.146,255.255.255.255,0.0.0.0,1"=""
"74.125.21.148,255.255.255.255,0.0.0.0,1"=""
"74.125.21.149,255.255.255.255,0.0.0.0,1"=""
"93.184.215.200,255.255.255.255,0.0.0.0,1"=""
"94.245.121.176,255.255.255.255,0.0.0.0,1"=""
"94.245.121.177,255.255.255.255,0.0.0.0,1"=""
"94.245.121.178,255.255.255.255,0.0.0.0,1"=""
"94.245.121.179,255.255.255.255,0.0.0.0,1"=""
"94.245.121.253,255.255.255.255,0.0.0.0,1"=""
"96.16.144.23,255.255.255.255,0.0.0.0,1"=""
"96.16.151.81,255.255.255.255,0.0.0.0,1"=""
"96.17.68.131,255.255.255.255,0.0.0.0,1"=""
"96.17.70.242,255.255.255.255,0.0.0.0,1"=""
"104.43.203.255,255.255.255.255,0.0.0.0,1"=""
"104.45.136.42,255.255.255.255,0.0.0.0,1"=""
"104.70.208.236,255.255.255.255,0.0.0.0,1"=""
"104.70.215.152,255.255.255.255,0.0.0.0,1"=""
"104.90.75.122,255.255.255.255,0.0.0.0,1"=""
"104.90.89.185,255.255.255.255,0.0.0.0,1"=""
"104.90.92.235,255.255.255.255,0.0.0.0,1"=""
"104.93.174.145,255.255.255.255,0.0.0.0,1"=""
"104.93.176.29,255.255.255.255,0.0.0.0,1"=""
"104.93.196.53,255.255.255.255,0.0.0.0,1"=""
"104.107.39.56,255.255.255.255,0.0.0.0,1"=""
"107.20.234.199,255.255.255.255,0.0.0.0,1"=""
"107.21.246.114,255.255.255.255,0.0.0.0,1"=""
"111.221.29.253,255.255.255.255,0.0.0.0,1"=""
"111.221.29.254,255.255.255.255,0.0.0.0,1"=""
"131.107.113.238,255.255.255.255,0.0.0.0,1"=""
"131.107.255.255,255.255.255.255,0.0.0.0,1"=""
"131.253.14.76,255.255.255.255,0.0.0.0,1"=""
"131.253.14.194,255.255.255.255,0.0.0.0,1"=""
"131.253.34.230,255.255.255.255,0.0.0.0,1"=""
"131.253.40.44,255.255.255.255,0.0.0.0,1"=""
"131.253.40.47,255.255.255.255,0.0.0.0,1"=""
"131.253.40.53,255.255.255.255,0.0.0.0,1"=""
"131.253.40.109,255.255.255.255,0.0.0.0,1"=""
"134.170.30.221,255.255.255.255,0.0.0.0,1"=""
"134.170.52.151,255.255.255.255,0.0.0.0,1"=""
"134.170.58.190,255.255.255.255,0.0.0.0,1"=""
"134.170.107.176,255.255.255.255,0.0.0.0,1"=""
"134.170.108.72,255.255.255.255,0.0.0.0,1"=""
"134.170.115.60,255.255.255.255,0.0.0.0,1"=""
"134.170.119.140,255.255.255.255,0.0.0.0,1"=""
"134.170.184.133,255.255.255.255,0.0.0.0,1"=""
"134.170.185.126,255.255.255.255,0.0.0.0,1"=""
"134.170.188.248,255.255.255.255,0.0.0.0,1"=""
"137.117.100.176,255.255.255.255,0.0.0.0,1"=""
"157.55.129.21,255.255.255.255,0.0.0.0,1"=""
"157.56.23.91,255.255.255.255,0.0.0.0,1"=""
"157.56.57.5,255.255.255.255,0.0.0.0,1"=""
"157.56.96.58,255.255.255.255,0.0.0.0,1"=""
"157.56.96.80,255.255.255.255,0.0.0.0,1"=""
"157.56.96.123,255.255.255.255,0.0.0.0,1"=""
"157.56.96.208,255.255.255.255,0.0.0.0,1"=""
"157.56.100.83,255.255.255.255,0.0.0.0,1"=""
"168.62.11.145,255.255.255.255,0.0.0.0,1"=""
"168.62.21.207,255.255.255.255,0.0.0.0,1"=""
"168.62.187.13,255.255.255.255,0.0.0.0,1"=""
"172.232.221.65,255.255.255.255,0.0.0.0,1"=""
"173.205.24.139,255.255.255.255,0.0.0.0,1"=""
"173.205.24.144,255.255.255.255,0.0.0.0,1"=""
"173.205.24.145,255.255.255.255,0.0.0.0,1"=""
"173.205.24.146,255.255.255.255,0.0.0.0,1"=""
"173.205.24.168,255.255.255.255,0.0.0.0,1"=""
"173.205.24.177,255.255.255.255,0.0.0.0,1"=""
"173.205.24.192,255.255.255.255,0.0.0.0,1"=""
"173.205.24.193,255.255.255.255,0.0.0.0,1"=""
"173.205.27.211,255.255.255.255,0.0.0.0,1"=""
"173.205.27.227,255.255.255.255,0.0.0.0,1"=""
"184.26.143.177,255.255.255.255,0.0.0.0,1"=""
"184.26.143.194,255.255.255.255,0.0.0.0,1"=""
"184.84.136.165,255.255.255.255,0.0.0.0,1"=""
"184.84.139.153,255.255.255.255,0.0.0.0,1"=""
"184.84.141.92,255.255.255.255,0.0.0.0,1"=""
"184.84.141.139,255.255.255.255,0.0.0.0,1"=""
"184.84.170.70,255.255.255.255,0.0.0.0,1"=""
"184.84.170.239,255.255.255.255,0.0.0.0,1"=""
"191.232.80.60,255.255.255.255,0.0.0.0,1"=""
"191.232.139.210,255.255.255.255,0.0.0.0,1"=""
"191.232.139.253,255.255.255.255,0.0.0.0,1"=""
"191.232.140.76,255.255.255.255,0.0.0.0,1"=""
"191.234.72.190,255.255.255.255,0.0.0.0,1"=""
"191.236.16.12,255.255.255.255,0.0.0.0,1"=""
"191.238.241.80,255.255.255.255,0.0.0.0,1"=""
"192.243.250.72,255.255.255.255,0.0.0.0,1"=""
"192.243.250.88,255.255.255.255,0.0.0.0,1"=""
"198.78.206.253,255.255.255.255,0.0.0.0,1"=""
"207.46.7.252,255.255.255.255,0.0.0.0,1"=""
"207.46.11.152,255.255.255.255,0.0.0.0,1"=""
"207.46.202.114,255.255.255.255,0.0.0.0,1"=""
"207.46.223.94,255.255.255.255,0.0.0.0,1"=""
"207.68.166.254,255.255.255.255,0.0.0.0,1"=""
"216.38.160.128,255.255.255.255,0.0.0.0,1"=""
"216.156.199.10,255.255.255.255,0.0.0.0,1"=""
"216.156.199.17,255.255.255.255,0.0.0.0,1"=""
"216.156.199.19,255.255.255.255,0.0.0.0,1"=""
"216.156.199.25,255.255.255.255,0.0.0.0,1"=""
"216.156.199.27,255.255.255.255,0.0.0.0,1"=""
"216.156.199.32,255.255.255.255,0.0.0.0,1"=""
"216.156.199.33,255.255.255.255,0.0.0.0,1"=""
"216.156.199.35,255.255.255.255,0.0.0.0,1"=""
"216.156.199.41,255.255.255.255,0.0.0.0,1"=""
"216.156.199.49,255.255.255.255,0.0.0.0,1"=""
"216.156.199.51,255.255.255.255,0.0.0.0,1"=""
"216.156.199.59,255.255.255.255,0.0.0.0,1"=""
"216.156.199.65,255.255.255.255,0.0.0.0,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-03-01 127432]
R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2016-02-02 16024]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2016-02-14 134928]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2015-10-20 153352]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-03-23 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-03-09 816304]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-03-01 447848]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-03-01 32792]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-03-09 91168]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2016-02-02 1570520]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2016-02-02 837848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-03 409800]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-05 699896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-28 09:03]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1928)
c:\program files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2016-03-26 21:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2016-03-26 12:31
ComboFix2.txt 2016-03-26 00:31
ComboFix3.txt 2016-03-24 00:16
.
Pre-Run: 213,846,253,568 bytes free
Post-Run: 213,563,183,104 bytes free
.
- - End Of File - - A19352750B28A5A7F2EF608C58EA42FC
A36C5E4F47E84449FF07ED3517B43A31

Broni · Mar 26, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Daniel Burkus · Mar 27, 2016

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Daniel M. Burkus (administrator) on PC (27-03-2016 14:17:51)
Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
Loaded Profiles: Daniel M. Burkus (Available Profiles: Daniel M. Burkus)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-03-26] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-01-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-03-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2016-03-26]
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-21]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{64DEE58B-1BB1-4EC3-A5F5-F207663D912E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66B87001-DA33-470B-9512-77BE9AE4D883}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B3CE4C30-3C2F-4806-AE63-1892B7E644A5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1259038908-1583320175-680065255-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-02] (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default
FF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Extension: CacheViewer - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-03-24]
FF Extension: Restart Button - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\restartbutton@strk.jp.xpi [2016-03-24]
FF Extension: CacheViewer2 - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\cacheview2@scriptkitz.ml [2016-03-24]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\extensions\artur.dubovoy@gmail.com [2016-03-24]
FF Extension: AdBlock Ultimate - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-03-24]
FF Extension: Click to Play per-element - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\ClickToPlayPerElement@uaSad.addons.mozilla.org.xpi [2016-03-26]
FF Extension: Webmail Ad Blocker - C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla\Firefox\Profiles\aich2zne.default\Extensions\gmailnoads@mywebber.com.xpi [2016-03-24]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-24]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-24]

Chrome:
=======
CHR Profile: C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (No Name) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Avast SafePrice) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-24]
CHR Extension: (Avast Online Security) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Daniel M. Burkus.PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-02] (AVAST Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153352 2015-10-20] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-03-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-03-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-03-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-03-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-03-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-03-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-03-02] (AVAST Software)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33096 2012-10-12] (Sophos Limited)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX32.sys [134928 2016-02-14] (Ray Hinchliffe)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\DANIEL~1.PC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 21:31 - 2016-03-26 21:31 - 00033063 _____ C:\ComboFix.txt
2016-03-26 19:27 - 2016-03-26 19:27 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CrashDumps
2016-03-26 17:13 - 2016-03-26 17:15 - 00000000 ____D C:\My Documents
2016-03-26 17:13 - 2016-03-26 17:13 - 00000723 _____ C:\Users\Daniel M. Burkus.PC\Desktop\My Documents - Shortcut.lnk
2016-03-26 15:13 - 2016-03-26 21:35 - 00007392 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Elmar's letter..txt
2016-03-26 12:54 - 2016-03-26 13:07 - 00000000 ____D C:\AdwCleaner
2016-03-26 11:06 - 2016-03-27 11:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\New Scans
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
2016-03-26 10:10 - 2016-03-26 10:10 - 00000000 ____D C:\Program Files\NETGEAR
2016-03-26 10:10 - 2010-02-03 11:20 - 00050704 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2016-03-26 10:10 - 2009-11-06 08:37 - 00699896 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmwlhigh6.sys
2016-03-26 10:10 - 2009-11-06 08:31 - 03862528 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 03551232 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 01176312 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-03-26 10:10 - 2009-11-06 08:31 - 00091376 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2016-03-26 10:10 - 2007-01-19 18:20 - 00021728 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2016-03-26 07:46 - 2016-03-27 14:17 - 00000000 ____D C:\FRST
2016-03-26 07:46 - 2016-03-26 12:52 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\SCANS
2016-03-26 07:03 - 2016-03-24 09:12 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20160326-070351.backup
2016-03-25 18:43 - 2016-03-26 19:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-25 18:43 - 2016-03-25 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-25 16:49 - 2016-03-26 09:33 - 00000000 ____D C:\Restore Removed Folders
2016-03-25 15:39 - 2016-03-25 15:44 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\AVMedia Files
2016-03-25 14:57 - 2016-03-25 14:57 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\SUPERAntiSpyware.com
2016-03-25 07:49 - 2016-03-25 07:54 - 00000000 ____D C:\Program Files\Software by Design
2016-03-25 07:49 - 2016-03-25 07:49 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Software by Design
2016-03-25 07:49 - 2013-04-09 15:00 - 00086016 ____N (Software Design) C:\Windows\SDUnInst.exe
2016-03-25 07:33 - 2016-03-21 21:47 - 00001245 _____ C:\Users\Daniel M. Burkus.PC\Desktop\taskmanager.exe.lnk
2016-03-25 07:33 - 2016-03-14 07:41 - 00001480 _____ C:\Users\Daniel M. Burkus.PC\Desktop\KB LIST.txt.lnk
2016-03-25 07:33 - 2016-03-13 11:42 - 00000561 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Windows Update.lnk
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3), Notes.txt
2016-03-24 22:26 - 2016-03-24 22:26 - 00000272 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2), Notes.txt
2016-03-24 22:25 - 2016-03-25 10:23 - 00007592 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1), Notes.txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (7).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (6).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (5).txt
2016-03-24 22:24 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (4).txt
2016-03-24 22:23 - 2016-03-25 10:25 - 00000640 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (1).txt
2016-03-24 22:23 - 2016-03-25 09:22 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (3).txt
2016-03-24 22:23 - 2016-03-25 09:21 - 00000282 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Bon-date no Densho (2).txt
2016-03-24 21:39 - 2016-03-24 21:40 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\14 - Bon-date no Densho
2016-03-24 21:37 - 2016-03-24 21:47 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Desktop\13 - Matsue Sotoku-ate no Densho
2016-03-24 20:56 - 2016-03-24 22:29 - 00000858 _____ C:\Users\Daniel M. Burkus.PC\Desktop\Blog Templates.txt
2016-03-24 20:40 - 2016-03-24 20:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\Blog Documents
2016-03-24 20:26 - 2016-03-24 20:26 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\WinRAR
2016-03-24 19:46 - 2016-03-24 19:46 - 00931330 _____ C:\Users\Daniel M. Burkus.PC\Desktop\To Kill a Mockingbird (Harper Lee).pdf
2016-03-24 19:45 - 2016-03-24 19:45 - 00546794 _____ C:\Users\Daniel M. Burkus.PC\Desktop\The Perks of Being a Wallflower (Stephen Chbosky).pdf
2016-03-24 19:18 - 2016-03-24 19:18 - 00000913 _____ C:\ProgramData\ReclaiMe.config
2016-03-24 19:18 - 2016-03-24 19:18 - 00000438 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-03-24 19:10 - 2016-03-24 19:12 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Foxit Software
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\LocalLow\Adobe
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\CEF
2016-03-24 19:10 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Adobe
2016-03-24 16:22 - 2016-03-24 16:22 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\HWP
2016-03-24 16:17 - 2016-03-24 16:17 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\IrfanView
2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\NVIDIA
2016-03-24 16:02 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\GRETECH
2016-03-24 13:40 - 2016-03-24 13:41 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Hnc
2016-03-24 13:15 - 2016-03-24 18:40 - 00000000 ____D C:\Program Files\Recuva
2016-03-24 13:15 - 2016-03-24 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-03-24 10:32 - 2016-03-24 10:32 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\ElevatedDiagnostics
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\AVAST Software
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Roaming\Adobe
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\NVIDIA
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\Google
2016-03-24 09:57 - 2016-03-24 10:08 - 00000000 ____D C:\Users\Daniel M. Burkus (n)
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\My Documents
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Videos
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Pictures
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 _SHDL C:\Users\Daniel M. Burkus (n)\Documents\My Music
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Daniel M. Burkus (n)\AppData\Local\VirtualStore
2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\SUPERAntiSpyware.com
2016-03-24 09:42 - 2016-03-24 09:42 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\AVAST Software
2016-03-24 08:57 - 2011-06-26 15:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-24 08:57 - 2010-11-08 02:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-24 08:57 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-24 08:57 - 2000-08-31 09:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-24 08:52 - 2016-03-24 10:06 - 00000000 ____D C:\Scans to Run
2016-03-24 08:48 - 2016-03-26 21:31 - 00000000 ____D C:\Qoobox
2016-03-24 08:45 - 2016-03-24 08:45 - 01725440 _____ (Farbar) C:\FRST.exe
2016-03-24 08:40 - 2016-03-24 08:40 - 05658151 ____R (Swearware) C:\ComboFix.exe
2016-03-24 08:37 - 2016-03-24 08:37 - 00064568 _____ C:\Users\Daniel M. Burkus.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Macromedia
2016-03-24 08:05 - 2016-03-24 08:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Macromedia
2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Mozilla
2016-03-24 08:02 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Mozilla
2016-03-24 08:00 - 2016-03-24 19:10 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Adobe
2016-03-24 08:00 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\NVIDIA
2016-03-24 08:00 - 2016-03-24 08:00 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Roaming\AVAST Software
2016-03-24 07:59 - 2016-03-26 21:05 - 00000000 ____D C:\Users\Daniel M. Burkus.PC
2016-03-24 07:59 - 2016-03-25 18:48 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\VirtualStore
2016-03-24 07:59 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Daniel M. Burkus.PC\AppData\Local\Google
2016-03-24 07:59 - 2016-03-24 07:59 - 00001413 _____ C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 07:59 - 2016-03-24 07:59 - 00000020 ___SH C:\Users\Daniel M. Burkus.PC\ntuser.ini
2016-03-24 07:59 - 2016-03-24 07:59 - 00000000 _SHDL C:\Users\Daniel M. Burkus.PC\My Documents
2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Macromedia
2016-03-24 07:50 - 2016-03-24 07:50 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Macromedia
2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Mozilla
2016-03-24 07:48 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Mozilla
2016-03-24 07:46 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\NVIDIA
2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\AVAST Software
2016-03-24 07:46 - 2016-03-24 07:46 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Roaming\Adobe
2016-03-24 07:45 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.001\Virtual Machines
2016-03-24 07:45 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\Google
2016-03-24 07:45 - 2016-03-24 07:47 - 00002201 _____ C:\Users\TEMP.PC.001\Desktop\Google Chrome.lnk
2016-03-24 07:45 - 2016-03-24 07:45 - 00001413 _____ C:\Users\TEMP.PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 07:44 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.001
2016-03-24 07:44 - 2016-03-24 07:44 - 00000020 ___SH C:\Users\TEMP.PC.001\ntuser.ini
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\My Documents
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Videos
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Pictures
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 _SHDL C:\Users\TEMP.PC.001\Documents\My Music
2016-03-24 07:44 - 2016-03-24 07:44 - 00000000 ____D C:\Users\TEMP.PC.001\AppData\Local\VirtualStore
2016-03-24 07:43 - 2016-03-24 07:43 - 00003528 ____N C:\bootsqm.dat
2016-03-24 06:46 - 2016-03-24 06:46 - 00064568 _____ C:\Users\TEMP.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 06:40 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC.000\Virtual Machines
2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\NVIDIA
2016-03-24 06:40 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\Google
2016-03-24 06:40 - 2016-03-24 06:42 - 00002201 _____ C:\Users\TEMP.PC.000\Desktop\Google Chrome.lnk
2016-03-24 06:40 - 2016-03-24 06:40 - 00001413 _____ C:\Users\TEMP.PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\AVAST Software
2016-03-24 06:40 - 2016-03-24 06:40 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Roaming\Adobe
2016-03-24 06:39 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC.000
2016-03-24 06:39 - 2016-03-24 06:39 - 00000020 ___SH C:\Users\TEMP.PC.000\ntuser.ini
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\My Documents
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Videos
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Pictures
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 _SHDL C:\Users\TEMP.PC.000\Documents\My Music
2016-03-24 06:39 - 2016-03-24 06:39 - 00000000 ____D C:\Users\TEMP.PC.000\AppData\Local\VirtualStore
2016-03-24 06:28 - 2016-03-24 06:28 - 00064568 _____ C:\Users\TEMP.PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\AVAST Software
2016-03-24 06:28 - 2016-03-24 06:28 - 00000000 ____D C:\Users\TEMP.PC\AppData\Roaming\Adobe
2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ___RD C:\Users\TEMP.PC\Virtual Machines
2016-03-24 06:27 - 2016-03-24 10:07 - 00000000 ____D C:\Users\TEMP.PC
2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\NVIDIA
2016-03-24 06:27 - 2016-03-24 10:06 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\Google
2016-03-24 06:27 - 2016-03-24 06:29 - 00002201 _____ C:\Users\TEMP.PC\Desktop\Google Chrome.lnk
2016-03-24 06:27 - 2016-03-24 06:27 - 00001413 _____ C:\Users\TEMP.PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 06:27 - 2016-03-24 06:27 - 00000020 ___SH C:\Users\TEMP.PC\ntuser.ini
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\My Documents
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Videos
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Pictures
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 _SHDL C:\Users\TEMP.PC\Documents\My Music
2016-03-24 06:27 - 2016-03-24 06:27 - 00000000 ____D C:\Users\TEMP.PC\AppData\Local\VirtualStore
2016-03-23 21:17 - 2016-03-23 21:17 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 21:17 - 2016-03-23 21:17 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 16:09 - 2016-03-24 10:06 - 00000000 ____D C:\Users\Public\Foxit Software
2016-03-23 15:47 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2016-03-23 15:46 - 2016-03-23 22:31 - 00000000 ____D C:\Users\TEMP
2016-03-23 15:46 - 2016-03-23 22:30 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2016-03-20 06:01 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-03-20 06:01 - 2016-03-20 06:01 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-03-20 06:00 - 2016-03-20 06:00 - 00000000 ____D C:\Program Files\Foxit Software
2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
2016-03-17 08:50 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbleWord
2016-03-17 08:50 - 2016-03-17 09:06 - 00000000 ____D C:\FreeOCR
2016-03-17 08:50 - 2016-03-17 08:50 - 00000000 ____D C:\Program Files\AbleWord
2016-03-17 08:50 - 2007-03-10 10:11 - 02680320 _____ (HiComponents) C:\Windows\system32\ImageEnXLibrary.ocx
2016-03-13 16:00 - 2016-02-12 03:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-13 16:00 - 2016-02-12 03:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-13 16:00 - 2016-02-12 03:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-13 16:00 - 2016-02-12 03:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-13 16:00 - 2016-02-12 03:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-13 16:00 - 2016-02-12 03:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-13 16:00 - 2016-02-12 03:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-13 16:00 - 2016-02-12 03:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-13 16:00 - 2016-02-12 03:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-13 16:00 - 2016-02-12 03:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-13 16:00 - 2016-02-12 03:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-13 16:00 - 2016-02-12 03:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-13 16:00 - 2016-02-12 03:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-13 16:00 - 2016-02-12 03:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-13 16:00 - 2016-02-12 03:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-13 16:00 - 2016-02-12 02:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-13 16:00 - 2016-02-12 02:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-13 16:00 - 2016-02-12 02:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-13 16:00 - 2016-02-12 02:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-13 16:00 - 2016-02-12 02:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-13 16:00 - 2016-02-12 02:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-13 16:00 - 2016-02-12 02:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-13 16:00 - 2016-02-12 02:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-13 16:00 - 2016-02-12 02:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-13 15:59 - 2016-02-05 02:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-13 15:58 - 2016-02-06 03:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-13 15:58 - 2016-02-06 03:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-13 15:58 - 2016-02-06 03:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-13 15:58 - 2016-02-06 02:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-13 15:58 - 2016-02-06 02:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-13 15:58 - 2016-02-05 03:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-13 15:58 - 2016-02-04 03:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-13 15:58 - 2016-02-04 03:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-13 15:58 - 2016-02-04 03:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-13 15:58 - 2016-02-04 02:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-13 12:27 - 2016-03-13 12:27 - 00000000 ____D C:\Windows\CheckSur
2016-03-13 09:48 - 2016-03-11 07:45 - 00006262 _____ C:\Windows\system32\Drivers\etc\hosts.20160313-094841.backup
2016-03-11 08:30 - 2016-03-26 06:30 - 00000000 ____D C:\Program Files\Google
2016-03-11 07:46 - 2016-03-11 07:46 - 00000000 ___HD C:\$windows.~bt
2016-03-11 07:42 - 2016-03-11 07:42 - 00000000 ____D C:\Program Files\AEGIS-Voat
2016-03-11 07:31 - 2016-03-11 07:31 - 00000000 ____D C:\2d3f5ed3ad81cf6d8f1e358b68f9
2016-03-10 21:46 - 2016-03-26 09:02 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-10 21:10 - 2016-02-09 18:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 06:03 - 2016-03-17 09:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-09 06:03 - 2016-03-09 06:03 - 00000000 ____D C:\Program Files\Adobe
2016-03-02 07:31 - 2016-03-02 07:30 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-02 07:30 - 2016-03-02 07:30 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-01 22:38 - 2016-03-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct MIDI to MP3 Converter
2016-03-01 22:38 - 2016-03-01 22:38 - 00000000 ____D C:\Program Files\Direct MIDI to MP3 Converter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 14:13 - 2016-01-29 01:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-27 14:13 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-27 12:00 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-27 12:00 - 2009-07-14 13:34 - 00013904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-27 11:03 - 2016-02-19 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-26 21:25 - 2009-07-14 11:04 - 00000215 _____ C:\Windows\system.ini
2016-03-26 21:21 - 2016-02-19 14:55 - 00000000 ____D C:\Windows\erdnt
2016-03-26 20:11 - 2016-02-17 17:11 - 00000000 ____D C:\EEK
2016-03-26 11:55 - 2016-01-29 16:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-26 11:39 - 2016-02-15 14:58 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-26 11:10 - 2016-02-13 21:56 - 01127632 _____ C:\Windows\ntbtlog.txt
2016-03-26 10:16 - 2016-01-29 02:16 - 00429336 _____ C:\Windows\system32\perfh012.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00417690 _____ C:\Windows\system32\perfh011.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00401934 _____ C:\Windows\system32\prfh0404.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00384862 _____ C:\Windows\system32\prfh0804.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00122062 _____ C:\Windows\system32\perfc011.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00120346 _____ C:\Windows\system32\perfc012.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00119554 _____ C:\Windows\system32\prfc0804.dat
2016-03-26 10:16 - 2016-01-29 02:16 - 00115052 _____ C:\Windows\system32\prfc0404.dat
2016-03-26 10:16 - 2016-01-29 01:16 - 02850866 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-26 10:16 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\inf
2016-03-26 06:29 - 2016-01-29 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-26 06:29 - 2016-01-29 16:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-25 07:56 - 2009-07-14 11:04 - 00000442 _____ C:\Windows\win.ini
2016-03-24 18:03 - 2016-01-29 05:02 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-24 18:03 - 2016-01-29 05:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-24 10:31 - 2016-01-29 01:39 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-24 10:08 - 2016-01-29 01:14 - 00000000 ____D C:\Users\Daniel Burkus
2016-03-24 10:07 - 2016-02-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-24 10:07 - 2016-02-18 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADS Scanner 2
2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-24 10:07 - 2016-02-15 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-24 10:07 - 2016-02-06 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-24 10:07 - 2016-01-30 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-03-24 10:07 - 2016-01-30 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-03-24 10:07 - 2016-01-30 08:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2016-03-24 10:07 - 2016-01-30 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HAANSOFT
2016-03-24 10:07 - 2016-01-30 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-24 10:07 - 2016-01-30 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2016-03-24 10:07 - 2016-01-29 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-24 10:07 - 2016-01-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-03-24 10:07 - 2016-01-29 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-03-24 10:07 - 2016-01-29 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
2016-03-24 10:07 - 2016-01-29 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2016-03-24 10:07 - 2016-01-29 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2016-03-24 10:07 - 2016-01-29 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-03-24 10:07 - 2016-01-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-24 10:07 - 2016-01-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-24 10:07 - 2016-01-29 05:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-24 10:07 - 2016-01-29 05:02 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Roaming\Adobe
2016-03-24 10:07 - 2016-01-29 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-24 10:07 - 2009-07-14 13:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-24 10:06 - 2016-01-29 16:29 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-24 10:06 - 2016-01-29 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-24 10:06 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\registration
2016-03-24 09:38 - 2016-01-29 02:52 - 00000000 ____D C:\Users\Daniel Burkus\AppData\Local\NVIDIA
2016-03-24 09:16 - 2016-01-30 09:26 - 00000000 ____D C:\Users\Daniel M. Burkus
2016-03-23 22:31 - 2016-01-29 20:10 - 00000000 ____D C:\Users\TEMP\Desktop\WORK
2016-03-23 22:30 - 2016-01-29 16:01 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2016-03-23 22:30 - 2016-01-29 04:56 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2016-03-22 14:45 - 2016-02-21 08:57 - 00000979 _____ C:\DelFix.txt
2016-03-21 06:49 - 2016-01-29 16:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-20 05:56 - 2016-02-12 06:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-19 13:48 - 2016-01-29 05:05 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
2016-03-18 15:40 - 2016-02-15 14:57 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-15 09:38 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\rescache
2016-03-14 16:02 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-13 22:51 - 2016-01-29 01:39 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 20:20 - 2009-07-14 13:33 - 00309064 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 08:52 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-11 08:11 - 2009-07-14 13:52 - 00000000 ____D C:\Program Files\DVD Maker
2016-03-11 08:11 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\tracing
2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-03-11 07:48 - 2016-01-31 19:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 14:09 - 2016-01-29 16:20 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2016-01-29 16:20 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2016-01-29 16:20 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 06:53 - 2016-01-29 16:31 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-10 06:53 - 2016-01-29 16:31 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-09 11:32 - 2009-07-14 13:53 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU(32).TXT
2016-03-09 06:38 - 2016-01-29 16:01 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-09 06:02 - 2016-01-30 08:05 - 00000000 ____D C:\ProgramData\Adobe
2016-03-02 08:28 - 2016-01-29 21:31 - 00000000 ____D C:\Program Files\WinRAR
2016-03-02 07:32 - 2016-01-29 16:31 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-02 07:32 - 2016-01-29 16:31 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-02 07:31 - 2016-01-29 16:31 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-02 07:30 - 2016-01-29 16:31 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-01 16:56 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160306-120250.backup
2016-02-29 18:11 - 2016-01-29 21:02 - 00000000 ____D C:\Program Files\Audacity
2016-02-29 18:08 - 2016-01-29 21:02 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-02-29 09:06 - 2009-07-14 11:04 - 00450151 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-165623.backup

==================== Files in the root of some directories =======

2016-03-24 19:18 - 2016-03-24 19:18 - 0000438 _____ () C:\Users\Daniel M. Burkus.PC\AppData\Local\ReclaiMe.config
2016-03-24 19:18 - 2016-03-24 19:18 - 0000913 _____ () C:\ProgramData\ReclaiMe.config

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2016-01-31 08:35] - [2009-07-14 10:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-19 12:03

==================== End of FRST.txt ============================

Daniel Burkus · Mar 27, 2016

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Daniel M. Burkus (2016-03-27 14:18:52)
Running from C:\My Documents\A - Software Shortcuts\Malware Scanning Tools
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-01-28 16:14:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1259038908-1583320175-680065255-500 - Administrator - Disabled)
Daniel M. Burkus (S-1-5-21-1259038908-1583320175-680065255-1005 - Administrator - Enabled) => C:\Users\Daniel M. Burkus.PC
Guest (S-1-5-21-1259038908-1583320175-680065255-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1259038908-1583320175-680065255-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbleWord v3.0 (HKLM\...\AbleWord_is1) (Version: - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
ADS Scanner 2 (HKLM\...\ADS Scanner 2) (Version: 2 - Pointstone Software, LLC)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Direct MIDI to MP3 Converter version 7.0.0.0 (HKLM\...\Direct MIDI to MP3 Converter_is1) (Version: 7.0.0.0 - Piston Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.77.5240 - Gretech Corporation)
Hangul 2002 SE (HKLM\...\{CECBC29F-6D3A-4ED6-A686-7220EF9B69CC}) (Version: 5.7.5.3007 - Haansoft)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
K-Lite Mega Codec Pack 10.4.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MP3 Toolkit 1.0.5 (HKLM\...\MP3 Toolkit_is1) (Version: - MP3Toolkit.com)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507B}) (Version: 4.0.9 - dotPDN LLC)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SafeZone Stable 1.48.2066.44 (Version: 1.48.2066.44 - Avast Software) Hidden
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Tray Tools 2000 (HKLM\...\Tray Tools 2000) (Version: Tray Tools 2000 - Version 2.7 - Gregory Braun -- Software Design)
TreeSize Free V3.0.1 (HKLM\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24EAC4BE-B459-44E4-9847-02174A676EA0} - System32\Tasks\SafeZone scheduled Autoupdate 1458735473 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {2E7584C7-0090-4DE2-AAE4-03D7F7D4A87D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-02] (AVAST Software)
Task: {56FDB460-B837-44D0-BF48-B27FB59F8914} - System32\Tasks\{8BDA641D-7880-4690-8B38-75DCC0CDA57D} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen\Easy Video Editor v2.0.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\EASY Video Editor (v 2.0)\EASY.exe plus Keygen"
Task: {7609A09A-65AD-4EA1-9094-339D2D39D483} - System32\Tasks\{8703A1E3-955E-4714-B632-178F571D3F03} => pcalua.exe -a "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)\Nero-6[1].6.0.18.exe" -d "C:\Users\Daniel Burkus\Virtual Machines\Install Files\NeroBurning .exe file (with Keygen)"
Task: {B9B5EEE0-7447-4EC2-A8EB-FC19790E5369} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8C7DDD9-1767-446A-AE61-65105B310ABB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D6C559EA-22F9-4CEF-8675-46685F8EFAE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {FF55AC69-9AD3-4DC5-8418-69E159A58B32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-29 01:50 - 2015-02-04 11:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-03-02 07:30 - 2016-03-02 07:30 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-02 07:30 - 2016-03-02 07:30 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-27 06:52 - 2016-03-27 06:52 - 02843136 _____ () C:\Program Files\AVAST Software\Avast\defs\16032600\algo.dll
2016-03-02 07:30 - 2016-03-02 07:30 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-29 19:14 - 2016-01-22 16:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
2016-01-30 07:47 - 2010-07-05 06:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2016-01-29 16:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-29 16:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-29 16:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-29 16:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-29 16:30 - 2016-01-29 16:30 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-30 07:47 - 2010-07-05 04:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2016-03-26 10:10 - 2010-08-27 09:32 - 04577760 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2016-03-26 10:10 - 2010-07-08 11:24 - 00258048 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCT_SKMScan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7882 more sites.

IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1259038908-1583320175-680065255-1005\...\123simsen.com -> www.123simsen.com

There are 7880 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:04 - 2016-03-26 21:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1259038908-1583320175-680065255-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel M. Burkus.PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{763C9D5E-ECFE-4D3A-AF81-CC4EBB84CF83}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{B8C3A556-31F9-4237-BA72-805C9C7E79A6}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E7E15744-6AA7-40EA-87BE-E5FD2DC12D96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBC611D-95BA-48BA-AC62-BC052843BA17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AB035A13-5F60-4C15-AD6D-F3740287AB2A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{46A04708-A71C-47A9-B967-D1C29970E410}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{B36792AD-C22F-4AD5-A86A-58D4966FB2AF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-03-2016 14:44:42 End of disinfection
24-03-2016 09:30:16 Restore Operation
26-03-2016 07:32:02 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 07:33:55 Device Driver Package Install: NETGEAR Inc. Network Protocol
26-03-2016 09:05:32 JRT Pre-Junkware Removal
26-03-2016 10:06:08 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 10:10:12 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
26-03-2016 10:11:04 Device Driver Package Install: NETGEAR Inc. Network Protocol
26-03-2016 13:10:58 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2016 02:13:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/27/2016 02:13:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/27/2016 11:18:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2016 06:44:09 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/27/2016 06:44:09 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 09:24:19 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 09:24:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 09:03:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (03/26/2016 09:03:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x800401F9

Error: (03/26/2016 09:01:08 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

System errors:
=============
Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/27/2016 02:16:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/27/2016 02:16:32 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/27/2016 02:16:32 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/27/2016 02:16:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/27/2016 02:16:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/27/2016 02:16:22 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/27/2016 12:00:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+
Percentage of memory in use: 42%
Total physical RAM: 3071.3 MB
Available physical RAM: 1758.09 MB
Total Virtual: 6140.93 MB
Available Virtual: 4681.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:198.89 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Data Storage) (Fixed) (Total:232.88 GB) (Free:66.61 GB) NTFS
Drive g: (Data Storage) (Fixed) (Total:232.79 GB) (Free:67.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 697FBEB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BCE48856)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B31CAE79)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Mar 27, 2016

Those are clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Daniel Burkus · Mar 29, 2016

I have no more bandwidth left for this month. Will post these scan results on Friday.

-- Daniel M. Burkus

Broni · Mar 29, 2016

OK...

Daniel Burkus · Mar 31, 2016

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (3.0.0.11005)
CCleaner
Adobe Flash Player 21.0.0.197
Mozilla Firefox (45.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Sophos Sophos Virus Removal Tool SVRTgui.exe
Sophos Sophos Virus Removal Tool SVRTservice.exe
A - Software Shortcuts Malware Scanning Tools SecurityCheck.exe
A - Software Shortcuts Malware Scanning Tools FarbarServiceScanner.exe
A - Software Shortcuts Malware Scanning Tools TempFileCleaner.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Daniel Burkus · Mar 31, 2016

Farbar Service Scanner Version: 27-01-2016
Ran by Daniel M. Burkus (administrator) on 28-03-2016 at 18:26:34
Running from "C:\My Documents\A - Software Shortcuts\Malware Scanning Tools"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

Daniel Burkus · Mar 31, 2016

The Sophos Scan was without issue.

-- Daniel M. Burkus

Broni · Mar 31, 2016

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Inactive Windows 7: profile chagned to temporary profile; system restore 0xc0000022 error -- Malware?

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 56,041 +516

Posts: 161 +7

Posts: 161 +7

Posts: 161 +7

Posts: 56,041 +516

Similar threads