Solved Audio Video Problems

J

jerry carson

Posts: 17   +0
I can not seem to get the audio and video synchronized when Adobe Flash is active. I am using Google Chrome and Windows Vista 32
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Calah at 2015-04-02 13:57:52
Running from C:\Users\Calah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
A Girl in the City (HKLM\...\A Girl in the City1.0) (Version: 1.0 - TriSynergy, Inc.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3008 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice in Wonderland (HKLM\...\Alice in Wonderland1.0) (Version: 1.0 - TriSynergy, Inc.)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AV Input Selection (HKLM\...\{F429ED71-4A8B-457A-85E4-F6398CE73E58}) (Version: 1.02.0047 - YUAN)
BE Downloadable Edition (Version: 1.1 - WORDsearch Corp) Hidden
Bejeweled(R) 3 (HKLM\...\9722e9266ca0124d9b88f98c73923664) (Version: - GameHouse)
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bible Explorer Limited Edition (Version: 1.1 - WORDsearch Corp) Hidden
Big Kahuna Reef 2: Chain Reaction (HKLM\...\Big Kahuna Reef 2: Chain Reaction_is1) (Version: - Reflexive Entertainment, Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Creative WebCam Instant Driver (1.01.02.0729) (HKLM\...\Creative PD0620) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hidden Memories of a Bright Summer (HKLM\...\Hidden Memories of a Bright Summer1.0) (Version: 1.0 - TriSynergy, Inc.)
HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
iConcepts Webcam Manager (HKLM\...\iConcepts Webcam Manager) (Version: - )
iLumina Gold Premium (HKLM\...\iLuminaPremium) (Version: 2.80 - Tyndale House Publishers)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Jennifer Wolf and the Mayan Relics (HKLM\...\Jennifer Wolf and the Mayan Relics1.0) (Version: 1.0 - TriSynergy, Inc.)
Jewel Quest (remove only) (HKLM\...\JewelQuest) (Version: - JenkatGames)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version: - )
Les Miserables - Cosettes Fate (HKLM\...\Les Miserables - Cosettes Fate1.0) (Version: 1.0 - TriSynergy, Inc.)
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Mahjongg - The Ultimate Collection (HKLM\...\Mahjongg - The Ultimate Collection) (Version: - On Hand Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Princess Case - A Royal Scoop (HKLM\...\The Princess Case - A Royal Scoop1.0) (Version: 1.0 - TriSynergy, Inc.)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{dca12e79-05aa-4cd5-a088-7178ddfc73b4}\localserver32 -> C:\Users\Calah\AppData\Local\Temp\{a52d1d8e-bcca-11d4-ab7d-00b0d02332eb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

==================== Restore Points =========================

31-03-2015 01:25:41 Scheduled Checkpoint
01-04-2015 00:08:27 Scheduled Checkpoint
02-04-2015 02:27:22 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E18415-3B0D-473E-8EB4-8A4D93300835} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Calah => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {1731CA6D-EA90-434C-82CD-72B5782B2A43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {6BB21CD6-1F45-4D73-A543-358D95C93B75} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [1999-12-31] (Microsoft Corporation)
Task: {794BDD18-6A99-4C5B-89F7-5610B37DC02C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {7A04AE51-69BE-4C8C-8700-F3B83DFFAB85} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A07C3A48-E2E6-4ECD-A808-CC95F524C587} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {AC379701-6162-4403-BD9E-68EF6BDA9D8A} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {AC576FD6-FD9F-4CF7-89EF-B15372A61E97} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {B2BC089F-D745-4E56-8136-A0D68AF72FED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {BB1E8E56-EE76-426B-A561-C71A0E699E2C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D52F691A-67AF-4A4F-8E2D-5915CE2E4DEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {EA9014FD-D9AC-4DBE-AB60-AB7CF9FE125F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F78216C3-67C0-4CF3-ABF4-A4CF8FAE8CE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{05CA0EA7-E3AF-469B-B3BB-EF26D5711B50}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-21 02:03 - 2015-03-14 06:12 - 09278792 ____C () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 02:03 - 2015-03-14 06:12 - 14974280 ____C () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2014-10-27 19:38 - 2014-02-10 13:44 - 04592128 ____C () C:\Users\Calah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-27 19:38 - 2014-02-10 13:44 - 00112128 ____C () C:\Users\Calah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:861A898F
AlternateDataStreams: C:\ProgramData\TEMP:8AB6C1D7
AlternateDataStreams: C:\ProgramData\TEMP:98DFF516
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
AlternateDataStreams: C:\ProgramData\TEMP:FC420CE6
AlternateDataStreams: C:\ProgramData\TEMP:FEBEC560

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.0.1 - 205.171.203.226

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK => C:\Windows\pss\hpzrcv01.LNK.CommonStartup
MSCONFIG\startupfolder: C:^Users^Calah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk => C:\Windows\pss\Acer Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent =>

==================== Accounts: =============================

Administrator (S-1-5-21-1634817539-8173870-1952294464-500 - Administrator - Disabled)
Calah (S-1-5-21-1634817539-8173870-1952294464-1000 - Administrator - Enabled) => C:\Users\Calah
Guest (S-1-5-21-1634817539-8173870-1952294464-501 - Limited - Enabled)
JC (S-1-5-21-1634817539-8173870-1952294464-1010 - Administrator - Enabled) => C:\Users\JC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 01:10:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 10:43:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/02/2015 01:20:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5

Error: (04/02/2015 01:20:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Error: (04/02/2015 01:11:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (04/02/2015 01:11:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic System Host

Error: (04/02/2015 01:11:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic Service Host

Error: (04/02/2015 01:10:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: HP Support Solutions Framework Service%%1053

Error: (04/02/2015 01:10:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000HP Support Solutions Framework Service

Error: (04/02/2015 01:10:02 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80508001

Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Signature version: 1.195.1454.0;1.195.1454.0

Engine version: %600

Error: (04/02/2015 01:08:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:05:45 PM on 4/2/2015 was unexpected.

Error: (03/31/2015 10:44:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-04-02 13:57:20.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:19.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:19.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:19.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:17.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:17.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:17.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 13:57:16.693
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 12:31:20.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-30 12:31:20.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Athlon LE-1600
Percentage of memory in use: 68%
Total physical RAM: 1789.8 MB
Available physical RAM: 569.99 MB
Total Pagefile: 3830.63 MB
Available Pagefile: 2293.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.78 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:71.68 GB) (Free:13.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:67.36 GB) (Free:67.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DB0ACC44)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=71.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=67.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Calah (administrator) on JERRY on 02-04-2015 13:53:17
Running from C:\Users\Calah\Downloads
Loaded Profiles: Calah (Available profiles: Calah & JC)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [TkBellExe] => [X]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\MountPoints2: {38be2976-5f48-11db-99bb-806e6f6e6963} - F:\HOA2.exe
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-18\...\RunOnce: [] => C:\Windows\system32\OSK.exe [182272 2009-04-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
BootExecute: """""""autocheck autochk * """"""".堡˓ᗰፋ꫱ླྀꫜጪᎬጣ"ᢐጫ✨Ͱᢴጫ✨Ͱ"退ጪ័ཱ"" 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1634817539-8173870-1952294464-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1634817539-8173870-1952294464-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1634817539-8173870-1952294464-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File []
Handler: linkscanner - No CLSID Value - []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File []
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-27]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.foxnews.com/", "https://www.google.com/"
CHR Profile: C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Electric Box 2) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acadlkikicloclmmhlgfbmlglhbnnicp [2015-01-25]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-10-27]
CHR Extension: (Google Docs) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Jigsaw Puzzles) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfjbbggnhfffnobladegogdkdjheibb [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Google Search) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Hangman) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2014-11-25]
CHR Extension: (Unblock It) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\enaaiocgfnhfddlooahdapieledmlhnc [2015-01-03]
CHR Extension: (Google Sheets) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-27]
CHR Extension: (Hangman Deluxe !) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfldafmihkemlfaolfgmppbafmappjj [2015-01-21]
CHR Extension: (Jigsaw Puzzles Daily) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjcfkigenhanhgbeajpachkjahjmmbk [2014-12-31]
CHR Extension: (Mahjong Bliss) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fphdehbjgncnafljefldncnncojcjnfl [2015-01-04]
CHR Extension: (Word search) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggckablhhmjagmokplgnbamljajnhanm [2014-10-30]
CHR Extension: (Bookmark Manager) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-10]
CHR Extension: (Christmas Solitaire) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagekljofloidfdcggobddkggjkglepj [2014-12-23]
CHR Extension: (Word Search) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jigekglfaceoiilbabcffhhakffifpci [2015-01-06]
CHR Extension: (Little Alchemy) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-01-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (USA Independence Day Theme) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgggmlhfbnbhbkeogednenglhggdfif [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]
CHR HKLM\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Calah\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.17.0.0.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-16] (NVIDIA Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 1999-12-31] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-12] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-01-22] ()
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [359640 1999-12-31] (Realsil Semiconductor Corporation)
S3 WUSB54GSCv2.NTx86; system32\DRIVERS\WUSB54GSCV2_X86.sys [X]
U2 WZCSVC; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:53 - 2015-04-02 13:54 - 00015144 ____C () C:\Users\Calah\Downloads\FRST.txt
2015-04-02 13:51 - 2015-04-02 13:53 - 00000000 ___DC () C:\FRST
2015-04-02 13:50 - 2015-04-02 13:51 - 01135104 ____C (Farbar) C:\Users\Calah\Downloads\FRST.exe
2015-03-31 10:43 - 2015-03-31 10:43 - 00097768 ____C () C:\Users\Calah\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 10:41 - 2015-03-31 10:42 - 00367008 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-03-26 11:17 - 2015-03-26 11:17 - 00529384 ____C () C:\Users\Calah\Downloads\setup.exe
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4.avi
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4 (2).avi
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4 (1).avi
2015-03-17 22:49 - 2015-03-17 22:54 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects Adventure
2015-03-17 22:28 - 2015-03-17 22:48 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects Romance
2015-03-17 21:46 - 2015-03-17 22:09 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects LesMiserables
2015-03-17 21:43 - 2015-03-17 21:43 - 00001754 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\The Princess Case - A Royal Scoop.lnk
2015-03-17 21:43 - 2015-03-17 21:43 - 00001730 ____C () C:\Users\Calah\Desktop\The Princess Case - A Royal Scoop.lnk
2015-03-17 21:43 - 2015-03-17 21:43 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Princess Case - A Royal Scoop
2015-03-17 21:30 - 2015-03-17 21:30 - 00001771 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Les Miserables - Cosettes Fate.lnk
2015-03-17 21:30 - 2015-03-17 21:30 - 00001747 ____C () C:\Users\Calah\Desktop\Les Miserables - Cosettes Fate.lnk
2015-03-17 21:30 - 2015-03-17 21:30 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Les Miserables - Cosettes Fate
2015-03-17 21:24 - 2015-03-17 21:24 - 00001779 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Jennifer Wolf and the Mayan Relics.lnk
2015-03-17 21:24 - 2015-03-17 21:24 - 00001755 ____C () C:\Users\Calah\Desktop\Jennifer Wolf and the Mayan Relics.lnk
2015-03-17 21:24 - 2015-03-17 21:24 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jennifer Wolf and the Mayan Relics
2015-03-16 09:26 - 2015-03-16 09:26 - 00001863 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Hidden Memories of a Bright Summer.lnk
2015-03-16 09:26 - 2015-03-16 09:26 - 00001839 ____C () C:\Users\Calah\Desktop\Hidden Memories of a Bright Summer.lnk
2015-03-16 09:26 - 2015-03-16 09:26 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Memories of a Bright Summer
2015-03-16 09:20 - 2015-03-16 09:20 - 00001612 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Alice in Wonderland.lnk
2015-03-16 09:20 - 2015-03-16 09:20 - 00001588 ____C () C:\Users\Calah\Desktop\Alice in Wonderland.lnk
2015-03-16 09:20 - 2015-03-16 09:20 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice in Wonderland
2015-03-16 09:18 - 2015-03-17 21:43 - 00000000 ___DC () C:\Games
2015-03-16 09:18 - 2015-03-16 09:18 - 00001596 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\A Girl in the City.lnk
2015-03-16 09:18 - 2015-03-16 09:18 - 00001572 ____C () C:\Users\Calah\Desktop\A Girl in the City.lnk
2015-03-16 09:18 - 2015-03-16 09:18 - 00000000 ___DC () C:\Users\Public\Documents\JustAdventure
2015-03-16 09:18 - 2015-03-16 09:18 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Girl in the City
2015-03-11 21:15 - 2015-03-11 21:16 - 06824950 ____C () C:\Users\Calah\Downloads\avatar-hentai-video (1).flv
2015-03-11 21:15 - 2015-03-11 21:15 - 06824950 ____C () C:\Users\Calah\Downloads\avatar-hentai-video.flv
2015-03-11 03:28 - 2015-01-28 21:35 - 00369664 ____C (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 03:27 - 2015-01-28 21:35 - 00975360 ____C (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 03:26 - 2015-02-25 20:18 - 02064384 ____C (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 03:12 - 2015-02-19 22:03 - 00034304 ____C (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 03:12 - 2015-02-19 20:28 - 00296960 ____C (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 03:09 - 2015-02-25 22:01 - 03604408 ____C (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 03:09 - 2015-02-25 22:01 - 03552184 ____C (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 03:09 - 2015-01-08 22:04 - 00049152 ____C (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 03:09 - 2015-01-08 20:18 - 00064000 ____C (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 03:08 - 2015-01-20 22:02 - 00807936 ____C (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 03:07 - 2015-03-06 00:01 - 00279040 ____C (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 03:06 - 2014-10-12 21:12 - 02264064 ____C (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 03:05 - 2015-02-17 22:02 - 11587584 ____C (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 11084800 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 06007296 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 02006016 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 01469440 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:35 - 2015-02-12 21:01 - 01214976 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00916992 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00630784 ____C (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00630272 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00420864 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00387584 ____C (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00348160 ____C (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00216576 ____C (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00206848 ____C (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00184320 ____C (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00164352 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00109056 ____C (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00105984 ____C (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00071680 ____C (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00067072 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00055808 ____C (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00055296 ____C (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00043520 ____C (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00019456 ____C (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-03-11 00:35 - 2015-02-12 19:31 - 00385024 ____C (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 00:35 - 2015-02-12 19:24 - 01638912 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:35 - 2015-02-12 19:24 - 00174080 ____C (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 00:35 - 2015-02-12 19:24 - 00133632 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:35 - 2015-02-12 19:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-08 22:30 - 2015-03-08 22:30 - 01582394 ____C () C:\Users\Calah\Downloads\JigsawPuzzleLite_Game_6.exe
2015-03-06 10:42 - 2015-03-06 10:42 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (3).exe
2015-03-06 10:39 - 2010-03-10 00:26 - 00903945 ____C () C:\Users\Calah\Desktop\Windows6.0-KB981013-x86.msu
2015-03-06 10:38 - 2015-03-06 10:38 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (2).exe
2015-03-06 10:33 - 2010-03-10 00:26 - 00903945 ____C () C:\Users\Calah\Downloads\Windows6.0-KB981013-x86.msu
2015-03-06 10:32 - 2015-03-06 10:33 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (1).exe
2015-03-06 10:30 - 2015-03-06 10:31 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip.exe
2015-03-06 08:57 - 2015-03-30 12:20 - 00114904 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 08:57 - 2015-03-06 08:57 - 00000903 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-06 08:57 - 2015-03-06 08:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-06 08:57 - 2015-03-06 08:57 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2015-03-06 08:57 - 2014-11-21 07:14 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-06 08:57 - 2014-11-21 07:14 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-06 08:57 - 2014-11-21 07:14 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-06 08:50 - 2015-03-06 08:56 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Calah\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 20:22 - 2015-03-03 20:26 - 34178344 ____C () C:\Users\Calah\Downloads\cl-12015.flv
2015-03-03 20:22 - 2015-03-03 20:25 - 34178344 ____C () C:\Users\Calah\Downloads\cl-12015 (2).flv
2015-03-03 20:22 - 2015-03-03 20:25 - 34178344 ____C () C:\Users\Calah\Downloads\cl-12015 (1).flv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:54 - 2014-04-15 13:15 - 00000886 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 13:14 - 2015-02-19 02:16 - 02014161 ____C () C:\Windows\WindowsUpdate.log
2015-04-02 13:14 - 2006-11-02 06:33 - 00759542 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 13:09 - 2014-04-15 13:15 - 00000882 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 13:09 - 2008-11-10 10:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-02 13:09 - 2006-11-02 09:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-04-02 13:09 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 13:09 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 08:13 - 2006-11-02 07:18 - 00000000 ___DC () C:\Windows\tracing
2015-04-02 06:35 - 2015-01-26 08:34 - 00000422 ___HC () C:\Windows\Tasks\User_Feed_Synchronization-{05CA0EA7-E3AF-469B-B3BB-EF26D5711B50}.job
2015-03-29 02:25 - 2006-11-02 09:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-21 02:05 - 2014-10-27 19:24 - 00001975 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-17 00:34 - 2013-06-28 02:21 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\HdO Adventure
2015-03-11 03:27 - 2008-04-30 14:26 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-03-11 03:26 - 2013-07-23 03:00 - 00000000 ___DC () C:\Windows\system32\MRT
2015-03-11 03:13 - 2006-11-02 06:24 - 119837696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-08 22:31 - 2015-02-17 01:01 - 00000000 ___DC () C:\Program Files\KraiSoft Games
2015-03-03 06:50 - 2011-08-31 23:34 - 00246920 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-07-17 14:53 - 2012-07-17 14:53 - 0012358 ____C () C:\Users\Calah\AppData\Roaming\PFP110JCM.{PB
2012-07-17 14:53 - 2012-07-17 14:53 - 0061678 ____C () C:\Users\Calah\AppData\Roaming\PFP110JPR.{PB
2012-06-07 03:42 - 2012-06-07 03:42 - 0000008 ____C () C:\Users\Calah\AppData\Roaming\usb.dat.bin
2014-10-19 18:07 - 2014-10-19 18:07 - 0000046 ____C () C:\Users\Calah\AppData\Roaming\WB.CFG
2012-06-07 02:42 - 2014-10-21 22:06 - 0000506 ____C () C:\Users\Calah\AppData\Roaming\wklnhst.dat
2014-09-14 04:50 - 2014-09-14 04:50 - 0000552 ____C () C:\Users\Calah\AppData\Local\d3d8caps.dat
2011-12-29 01:43 - 2014-12-30 01:41 - 0001356 ____C () C:\Users\Calah\AppData\Local\d3d9caps.dat
2011-10-30 01:39 - 2015-01-28 23:33 - 0017408 ____C () C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-28 20:37 - 2011-12-29 01:39 - 0001240 __SHC () C:\Users\Calah\AppData\Local\q5gqe0424am05scv43hgb2l8620k56
2013-05-20 23:51 - 2013-05-21 00:01 - 0000000 ____C () C:\ProgramData\as98213.txt
2014-02-17 20:17 - 2014-02-17 20:17 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2011-08-29 00:06 - 2014-09-22 19:27 - 0008722 ____C () C:\ProgramData\hpzinstall.log
2013-05-27 11:52 - 2013-05-28 11:20 - 0000000 ____C () C:\ProgramData\kjhy64.txt
2012-12-25 20:49 - 2012-12-25 20:49 - 0000109 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1634817539-8173870-1952294464-1000\$e4d32658a0e08d011346561bc99967d9

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e4d32658a0e08d011346561bc99967d9

Files to move or delete:
====================
C:\Users\Calah\CruzerSync_v3_2_016.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-02 13:17

==================== End Of Log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

You're infected with ZeroAccess rootkit.
I'm not sure if it makes any connection with your Flash issues but we have to clean your computer anyway.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.5 KB · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Calah at 2015-04-02 20:54:57 Run:1
Running from C:\Users\Calah\Downloads
Loaded Profiles: Calah (Available profiles: Calah & JC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {AC379701-6162-4403-BD9E-68EF6BDA9D8A} - \WSE_Astromenda No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:861A898F
AlternateDataStreams: C:\ProgramData\TEMP:8AB6C1D7
AlternateDataStreams: C:\ProgramData\TEMP:98DFF516
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
AlternateDataStreams: C:\ProgramData\TEMP:FC420CE6
AlternateDataStreams: C:\ProgramData\TEMP:FEBEC560
HKLM\...\Run: [TkBellExe] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\MountPoints2: {38be2976-5f48-11db-99bb-806e6f6e6963} - F:\HOA2.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1634817539-8173870-1952294464-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1634817539-8173870-1952294464-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File []
Handler: linkscanner - No CLSID Value - []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File []
CHR HKLM\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\Calah\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.17.0.0.crx [Not Found]
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WUSB54GSCv2.NTx86; system32\DRIVERS\WUSB54GSCV2_X86.sys [X]
U2 WZCSVC; No ImagePath
2012-07-17 14:53 - 2012-07-17 14:53 - 0012358 ____C () C:\Users\Calah\AppData\Roaming\PFP110JCM.{PB
2012-07-17 14:53 - 2012-07-17 14:53 - 0061678 ____C () C:\Users\Calah\AppData\Roaming\PFP110JPR.{PB
2012-06-07 03:42 - 2012-06-07 03:42 - 0000008 ____C () C:\Users\Calah\AppData\Roaming\usb.dat.bin
2014-10-19 18:07 - 2014-10-19 18:07 - 0000046 ____C () C:\Users\Calah\AppData\Roaming\WB.CFG
2012-06-07 02:42 - 2014-10-21 22:06 - 0000506 ____C () C:\Users\Calah\AppData\Roaming\wklnhst.dat
2014-09-14 04:50 - 2014-09-14 04:50 - 0000552 ____C () C:\Users\Calah\AppData\Local\d3d8caps.dat
2011-12-29 01:43 - 2014-12-30 01:41 - 0001356 ____C () C:\Users\Calah\AppData\Local\d3d9caps.dat
2011-10-30 01:39 - 2015-01-28 23:33 - 0017408 ____C () C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-28 20:37 - 2011-12-29 01:39 - 0001240 __SHC () C:\Users\Calah\AppData\Local\q5gqe0424am05scv43hgb2l8620k56
2013-05-20 23:51 - 2013-05-21 00:01 - 0000000 ____C () C:\ProgramData\as98213.txt
2014-02-17 20:17 - 2014-02-17 20:17 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2011-08-29 00:06 - 2014-09-22 19:27 - 0008722 ____C () C:\ProgramData\hpzinstall.log
2013-05-27 11:52 - 2013-05-28 11:20 - 0000000 ____C () C:\ProgramData\kjhy64.txt
2012-12-25 20:49 - 2012-12-25 20:49 - 0000109 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
C:\$Recycle.Bin\S-1-5-21-1634817539-8173870-1952294464-1000\$e4d32658a0e08d011346561bc99967d9
C:\$Recycle.Bin\S-1-5-18\$e4d32658a0e08d011346561bc99967d9
C:\Users\Calah\CruzerSync_v3_2_016.exe

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC379701-6162-4403-BD9E-68EF6BDA9D8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC379701-6162-4403-BD9E-68EF6BDA9D8A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":4BB26BE9" ADS removed successfully.
C:\ProgramData\TEMP => ":580E04D8" ADS removed successfully.
C:\ProgramData\TEMP => ":793F316E" ADS removed successfully.
C:\ProgramData\TEMP => ":861A898F" ADS removed successfully.
C:\ProgramData\TEMP => ":8AB6C1D7" ADS removed successfully.
C:\ProgramData\TEMP => ":98DFF516" ADS removed successfully.
C:\ProgramData\TEMP => ":9E22BBE8" ADS removed successfully.
C:\ProgramData\TEMP => ":FC420CE6" ADS removed successfully.
C:\ProgramData\TEMP => ":FEBEC560" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
"HKU\S-1-5-21-1634817539-8173870-1952294464-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38be2976-5f48-11db-99bb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{38be2976-5f48-11db-99bb-806e6f6e6963} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKCR\PROTOCOLS\Handler\inbox" => Key deleted successfully.
HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\skype4com" => Key deleted successfully.
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaanpaddaaoffccehffldolecpkgpej" => Key deleted successfully.
BLKWGU(Belkin) => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
WUSB54GSCv2.NTx86 => Service deleted successfully.
WZCSVC => Service deleted successfully.
C:\Users\Calah\AppData\Roaming\PFP110JCM.{PB => Moved successfully.
C:\Users\Calah\AppData\Roaming\PFP110JPR.{PB => Moved successfully.
C:\Users\Calah\AppData\Roaming\usb.dat.bin => Moved successfully.
C:\Users\Calah\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Calah\AppData\Roaming\wklnhst.dat => Moved successfully.
C:\Users\Calah\AppData\Local\d3d8caps.dat => Moved successfully.
C:\Users\Calah\AppData\Local\d3d9caps.dat => Moved successfully.
C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Calah\AppData\Local\q5gqe0424am05scv43hgb2l8620k56 => Moved successfully.
C:\ProgramData\as98213.txt => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\ProgramData\kjhy64.txt => Moved successfully.
C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-1634817539-8173870-1952294464-1000\$e4d32658a0e08d011346561bc99967d9 => Directory moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e4d32658a0e08d011346561bc99967d9 => Deleted successfully.
C:\Users\Calah\CruzerSync_v3_2_016.exe => Moved successfully.

==== End of Fixlog 20:55:00 ====
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Calah [Administrator]
Started from : C:\Users\Calah\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/02/2015 21:45:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B} -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05D4258B-77F0-43BB-8084-9AC8B9402B92} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6D0681B8-205D-4B64-907A-F9415BD123E4} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05D4258B-77F0-43BB-8084-9AC8B9402B92} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6D0681B8-205D-4B64-907A-F9415BD123E4} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05D4258B-77F0-43BB-8084-9AC8B9402B92} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6D0681B8-205D-4B64-907A-F9415BD123E4} | DhcpNameServer : 192.168.0.1 205.171.203.226 [UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA SCSI Disk Device +++++
--- User ---
[MBR] 387fa810524a766095e6c3f12ab98deb
[BSP] 78990bd20f9f9123b17d17996f9a7e87 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20973568 | Size: 73405 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 171307008 | Size: 68980 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: HP Photosmart C4280 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04022015_214503.log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/2/2015
Scan Time: 9:51:08 PM
Logfile: scan 4-2-15.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.03.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Calah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381397
Time Elapsed: 14 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.200 - Logfile created 02/04/2015 at 22:44:48
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Calah - JERRY
# Running from : C:\Users\Calah\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Calah\AppData\Local\PackageAware
Folder Deleted : C:\Users\Calah\AppData\Local\Innovative Solutions
Folder Deleted : C:\Users\Calah\AppData\Roaming\ParetoLogic

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKCU\Software\5928fd0b734eb44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C60E5AB-5C68-4C59-ABAA-885010B24B32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\AppDataLow\Software\DailyBibleGuideEI
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\speedypc software
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.19607


-\\ Google Chrome v41.0.2272.101

[C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [4401 bytes] - [02/04/2015 22:41:52]
AdwCleaner[S0].txt - [4410 bytes] - [02/04/2015 22:44:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4469 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Calah on Thu 04/02/2015 at 23:30:25.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Calah\appdata\local\{1BB55E1D-0EEE-486E-8B06-ADAB606FCF3A}
Successfully deleted: [Empty Folder] C:\Users\Calah\appdata\local\{3AC91899-3FD0-4BCB-A984-3C2F99F7F08F}
Successfully deleted: [Empty Folder] C:\Users\Calah\appdata\local\{F90E1BBA-2A45-424B-9322-B6864A6896CA}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/02/2015 at 23:33:55.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-04-01.01 - Calah 04/03/2015 18:17:09.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1144 [GMT -4:00]
Running from: c:\users\Calah\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Calah\AppData\Roaming\.#
c:\users\Calah\AppData\Roaming\.#\MBX@1730@2B2990.###
c:\users\Calah\AppData\Roaming\.#\MBX@1730@2B29C0.###
c:\users\Calah\AppData\Roaming\.#\MBX@6F0@3E2990.###
c:\users\Calah\AppData\Roaming\.#\MBX@6F0@3E29C0.###
c:\users\Calah\AppData\Roaming\.#\MBX@C34@232990.###
c:\users\Calah\AppData\Roaming\.#\MBX@C34@2329C0.###
c:\users\Calah\AppData\Roaming\.#\MBX@DA8@AB2990.###
c:\users\Calah\AppData\Roaming\.#\MBX@DA8@AB29C0.###
c:\users\Calah\AppData\Roaming\.#\MBX@E70@1B72990.###
c:\users\Calah\AppData\Roaming\.#\MBX@E70@1B729C0.###
c:\windows\msdownld.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-03-04 to 2015-04-04 )))))))))))))))))))))))))))))))
.
.
2015-04-03 22:30 . 2015-04-04 00:07 -------- dc----w- c:\users\Calah\AppData\Local\temp
2015-04-03 03:30 . 2015-04-03 03:30 -------- dc----w- C:\RegBackup
2015-04-03 02:41 . 2015-04-03 03:03 -------- dc----w- C:\AdwCleaner
2015-04-03 01:36 . 2015-04-03 01:36 35064 -c--a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-03 01:36 . 2015-04-03 01:48 -------- dc----w- c:\programdata\RogueKiller
2015-04-03 01:31 . 2015-04-03 01:31 62576 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1FE82C2-5D8B-438D-8B7C-424889159647}\offreg.dll
2015-04-03 00:04 . 2015-03-14 10:06 9119072 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1FE82C2-5D8B-438D-8B7C-424889159647}\mpengine.dll
2015-04-02 17:51 . 2015-04-03 00:55 -------- dc----w- C:\FRST
2015-04-02 17:10 . 2015-03-14 10:06 9119072 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-01 09:53 . 2015-03-23 15:40 908832 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C6FF1CC-7917-42E1-BE8C-D5BF1E508063}\gapaengine.dll
2015-03-18 02:49 . 2015-03-18 02:54 -------- dc----w- c:\users\Calah\AppData\Roaming\Hidden Objects Adventure
2015-03-18 02:28 . 2015-03-18 02:48 -------- dc----w- c:\users\Calah\AppData\Roaming\Hidden Objects Romance
2015-03-18 01:46 . 2015-03-18 02:09 -------- dc----w- c:\users\Calah\AppData\Roaming\Hidden Objects LesMiserables
2015-03-16 13:18 . 2015-03-18 01:43 -------- dc----w- C:\Games
2015-03-11 07:28 . 2015-01-29 01:35 369664 -c--a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 07:27 . 2015-01-29 01:35 975360 -c--a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-11 07:26 . 2015-02-26 00:18 2064384 -c--a-w- c:\windows\system32\win32k.sys
2015-03-11 07:12 . 2015-02-20 02:03 34304 -c--a-w- c:\windows\system32\atmlib.dll
2015-03-11 07:12 . 2015-02-20 00:28 296960 -c--a-w- c:\windows\system32\atmfd.dll
2015-03-11 07:09 . 2015-01-09 02:04 49152 -c--a-w- c:\windows\system32\csrsrv.dll
2015-03-11 07:09 . 2015-01-09 00:18 64000 -c--a-w- c:\windows\system32\smss.exe
2015-03-11 07:09 . 2015-02-26 02:01 3604408 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-11 07:09 . 2015-02-26 02:01 3552184 -c--a-w- c:\windows\system32\ntoskrnl.exe
2015-03-11 07:08 . 2015-01-21 02:02 807936 -c--a-w- c:\windows\system32\msctf.dll
2015-03-11 07:07 . 2015-03-06 04:01 279040 -c--a-w- c:\windows\system32\schannel.dll
2015-03-11 07:06 . 2014-10-13 01:12 2264064 -c--a-w- c:\windows\system32\msi.dll
2015-03-06 12:57 . 2015-04-03 02:33 114904 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-06 12:57 . 2014-11-21 11:14 51928 -c--a-w- c:\windows\system32\drivers\mwac.sys
2015-03-06 12:57 . 2014-11-21 11:14 75480 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-06 12:57 . 2014-11-21 11:14 23256 -c--a-w- c:\windows\system32\drivers\mbam.sys
2015-03-06 12:57 . 2015-03-06 12:57 -------- dc----w- c:\program files\Malwarebytes Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 15:40 . 2015-02-07 03:32 908832 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 10:50 . 2011-09-01 03:34 246920 -c----w- c:\windows\system32\MpSigStub.exe
2015-02-23 23:17 . 2011-03-28 23:36 23256 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-17 20:04 . 2015-02-17 20:04 1202848 -c--a-w- c:\windows\system32\FM20.DLL
2015-01-24 02:38 . 2015-01-24 02:38 12872 -c--a-w- c:\windows\system32\bootdelete.exe
2015-01-22 18:42 . 2014-11-04 14:56 13464 -c--a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-01-15 04:13 . 2015-02-11 08:06 440760 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 12017368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Calah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk]
backup=c:\windows\pss\Acer Product Registration.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-02-13 09:20 60712 -c--a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-05 06:38 526896 -c--a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
2008-04-25 20:31 319488 -c--a-w- c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-02-13 12:55 157480 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 05:54 1061704 -c--a-w- c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-15 17:15]
.
2015-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-15 17:15]
.
2015-04-03 c:\windows\Tasks\User_Feed_Synchronization-{05CA0EA7-E3AF-469B-B3BB-EF26D5711B50}.job
- c:\windows\system32\msfeedssync.exe [2015-03-11 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.0.1 205.171.203.226
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKU-Default-Run-Skype - c:\program files\Skype\Phone\Skype.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-03 20:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}"=hex:51,66,7a,6c,4c,1d,38,12,12,38,ad,
58,75,50,10,02,d8,cb,7a,2d,b5,19,2a,3d
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,f3,4b,15,34,09,f2,44,81,84,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,f3,4b,15,34,09,f2,44,81,84,bd,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2344)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\osk.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2015-04-03 20:12:25 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-04 00:12
.
Pre-Run: 11,279,216,640 bytes free
Post-Run: 12,186,406,912 bytes free
.
- - End Of File - - 2F7639B40EF935B87388C4B4C9B42502
EF932EAA6EF4C94E66A7F6CEEC7EB422
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Calah at 2015-04-03 22:22:59
Running from C:\Users\Calah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.4 - Hewlett-Packard) Hidden
A Girl in the City (HKLM\...\A Girl in the City1.0) (Version: 1.0 - TriSynergy, Inc.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3060 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3008 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice in Wonderland (HKLM\...\Alice in Wonderland1.0) (Version: 1.0 - TriSynergy, Inc.)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AV Input Selection (HKLM\...\{F429ED71-4A8B-457A-85E4-F6398CE73E58}) (Version: 1.02.0047 - YUAN)
BE Downloadable Edition (Version: 1.1 - WORDsearch Corp) Hidden
Bejeweled(R) 3 (HKLM\...\9722e9266ca0124d9b88f98c73923664) (Version: - GameHouse)
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bible Explorer Limited Edition (Version: 1.1 - WORDsearch Corp) Hidden
Big Kahuna Reef 2: Chain Reaction (HKLM\...\Big Kahuna Reef 2: Chain Reaction_is1) (Version: - Reflexive Entertainment, Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Creative WebCam Instant Driver (1.01.02.0729) (HKLM\...\Creative PD0620) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hidden Memories of a Bright Summer (HKLM\...\Hidden Memories of a Bright Summer1.0) (Version: 1.0 - TriSynergy, Inc.)
HP Support Solutions Framework (HKLM\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
iConcepts Webcam Manager (HKLM\...\iConcepts Webcam Manager) (Version: - )
iLumina Gold Premium (HKLM\...\iLuminaPremium) (Version: 2.80 - Tyndale House Publishers)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Jennifer Wolf and the Mayan Relics (HKLM\...\Jennifer Wolf and the Mayan Relics1.0) (Version: 1.0 - TriSynergy, Inc.)
Jewel Quest (remove only) (HKLM\...\JewelQuest) (Version: - JenkatGames)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KraiSoft Games Launcher (HKLM\...\KraiSoft Games Launcher) (Version: - )
Les Miserables - Cosettes Fate (HKLM\...\Les Miserables - Cosettes Fate1.0) (Version: 1.0 - TriSynergy, Inc.)
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Mahjongg - The Ultimate Collection (HKLM\...\Mahjongg - The Ultimate Collection) (Version: - On Hand Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Princess Case - A Royal Scoop (HKLM\...\The Princess Case - A Royal Scoop1.0) (Version: 1.0 - TriSynergy, Inc.)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\W32X86\3\hpcdmc32.dll (HP)
CustomCLSID: HKU\S-1-5-21-1634817539-8173870-1952294464-1000_Classes\CLSID\{dca12e79-05aa-4cd5-a088-7178ddfc73b4}\localserver32 -> C:\Users\Calah\AppData\Local\Temp\{a52d1d8e-bcca-11d4-ab7d-00b0d02332eb}\IDriver.NonElevated.exe No (the data entry has 4 more characters).

==================== Restore Points =========================

01-04-2015 00:08:27 Scheduled Checkpoint
02-04-2015 02:27:22 Scheduled Checkpoint
02-04-2015 20:02:26 Windows Update
03-04-2015 19:24:13 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-04-03 20:07 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1731CA6D-EA90-434C-82CD-72B5782B2A43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {6BB21CD6-1F45-4D73-A543-358D95C93B75} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [1999-12-31] (Microsoft Corporation)
Task: {794BDD18-6A99-4C5B-89F7-5610B37DC02C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {7A04AE51-69BE-4C8C-8700-F3B83DFFAB85} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {9D93373A-BEF3-4B67-B228-8A41C905230C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Calah => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A07C3A48-E2E6-4ECD-A808-CC95F524C587} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {AC576FD6-FD9F-4CF7-89EF-B15372A61E97} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {B2BC089F-D745-4E56-8136-A0D68AF72FED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {BB1E8E56-EE76-426B-A561-C71A0E699E2C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D52F691A-67AF-4A4F-8E2D-5915CE2E4DEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-15] (Google Inc.)
Task: {EA9014FD-D9AC-4DBE-AB60-AB7CF9FE125F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1634817539-8173870-1952294464-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {F78216C3-67C0-4CF3-ABF4-A4CF8FAE8CE3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{05CA0EA7-E3AF-469B-B3BB-EF26D5711B50}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img22.jpg
DNS Servers: 192.168.0.1 - 205.171.203.226

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK => C:\Windows\pss\hpzrcv01.LNK.CommonStartup
MSCONFIG\startupfolder: C:^Users^Calah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Acer Product Registration.lnk => C:\Windows\pss\Acer Product Registration.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1634817539-8173870-1952294464-500 - Administrator - Disabled)
Calah (S-1-5-21-1634817539-8173870-1952294464-1000 - Administrator - Enabled) => C:\Users\Calah
Guest (S-1-5-21-1634817539-8173870-1952294464-501 - Limited - Enabled)
JC (S-1-5-21-1634817539-8173870-1952294464-1010 - Administrator - Enabled) => C:\Users\JC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 08:33:20 PM) (Source: MsiInstaller) (EventID: 11706) (User: JERRY)
Description: Product: Microsoft Office Home and Student 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Error: (04/03/2015 08:32:14 PM) (Source: MsiInstaller) (EventID: 11706) (User: JERRY)
Description: Product: Microsoft Office Word MUI (English) 2007 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Users\Calah\AppData\Local\Temp\Setup00000264\SETUP.CHM.

Error: (04/03/2015 06:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/03/2015 06:37:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (04/03/2015 06:37:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic System Host

Error: (04/03/2015 06:36:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnostic Service Host

Error: (04/03/2015 06:30:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (04/03/2015 06:24:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (04/03/2015 06:15:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-04-03 22:22:48.397
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:48.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:47.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:47.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:46.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:46.385
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:46.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 22:22:45.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 18:21:10.390
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 18:21:09.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Athlon LE-1600
Percentage of memory in use: 35%
Total physical RAM: 1789.8 MB
Available physical RAM: 1150.85 MB
Total Pagefile: 3828.6 MB
Available Pagefile: 2930.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.11 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:71.68 GB) (Free:10.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:67.36 GB) (Free:67.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DB0ACC44)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=71.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=67.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Calah (administrator) on JERRY on 03-04-2015 22:20:08
Running from C:\Users\Calah\Downloads
Loaded Profiles: Calah (Available profiles: Calah & JC)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
BootExecute: autocheck

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-27]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.foxnews.com/", "https://www.google.com/"
CHR Profile: C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Electric Box 2) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\acadlkikicloclmmhlgfbmlglhbnnicp [2015-01-25]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-10-27]
CHR Extension: (Google Docs) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Jigsaw Puzzles) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfjbbggnhfffnobladegogdkdjheibb [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Hangman) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg [2014-11-25]
CHR Extension: (Unblock It) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\enaaiocgfnhfddlooahdapieledmlhnc [2015-01-03]
CHR Extension: (Google Sheets) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-27]
CHR Extension: (Hangman Deluxe !) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfldafmihkemlfaolfgmppbafmappjj [2015-01-21]
CHR Extension: (Jigsaw Puzzles Daily) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjcfkigenhanhgbeajpachkjahjmmbk [2014-12-31]
CHR Extension: (Mahjong Bliss) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fphdehbjgncnafljefldncnncojcjnfl [2015-01-04]
CHR Extension: (Word search) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggckablhhmjagmokplgnbamljajnhanm [2014-10-30]
CHR Extension: (Bookmark Manager) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-10]
CHR Extension: (Christmas Solitaire) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagekljofloidfdcggobddkggjkglepj [2014-12-23]
CHR Extension: (Word Search) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jigekglfaceoiilbabcffhhakffifpci [2015-01-06]
CHR Extension: (Little Alchemy) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-01-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (USA Independence Day Theme) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgggmlhfbnbhbkeogednenglhggdfif [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\Calah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-16] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-09-18] (EldoS Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-02] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 1999-12-31] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-08-12] (EldoS Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2015-01-22] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [359640 1999-12-31] (Realsil Semiconductor Corporation)
U3 mbr; \??\C:\Users\Calah\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 20:12 - 2015-04-03 20:12 - 00013717 ____C () C:\ComboFix.txt
2015-04-03 18:34 - 2015-04-03 18:34 - 00000546 ____C () C:\Windows\PFRO.log
2015-04-03 18:13 - 2015-04-03 20:12 - 00000000 ___DC () C:\ComboFix
2015-04-03 18:11 - 2015-04-03 20:12 - 00000000 ___DC () C:\Qoobox
2015-04-03 18:11 - 2011-06-26 02:45 - 00256000 ____C () C:\Windows\PEV.exe
2015-04-03 18:11 - 2010-11-07 13:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-04-03 18:11 - 2009-04-20 00:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-04-03 18:11 - 2000-08-30 20:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-04-03 18:11 - 2000-08-30 20:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-04-03 18:11 - 2000-08-30 20:00 - 00098816 ____C () C:\Windows\sed.exe
2015-04-03 18:11 - 2000-08-30 20:00 - 00080412 ____C () C:\Windows\grep.exe
2015-04-03 18:11 - 2000-08-30 20:00 - 00068096 ____C () C:\Windows\zip.exe
2015-04-03 18:10 - 2015-04-03 20:10 - 00000000 ___DC () C:\Windows\erdnt
2015-04-03 18:10 - 2015-04-03 18:10 - 05617096 ___RC (Swearware) C:\Users\Calah\Downloads\ComboFix.exe
2015-04-02 23:33 - 2015-04-02 23:33 - 00000962 ____C () C:\Users\Calah\Desktop\JRT.txt
2015-04-02 23:30 - 2015-04-02 23:30 - 00000207 ____C () C:\Windows\tweaking.com-regbackup-JERRY-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-04-02 23:30 - 2015-04-02 23:30 - 00000000 ___DC () C:\RegBackup
2015-04-02 23:29 - 2015-04-02 23:30 - 02690981 ____C (Thisisu) C:\Users\Calah\Downloads\JRT.exe
2015-04-02 22:41 - 2015-04-02 23:03 - 00000000 ___DC () C:\AdwCleaner
2015-04-02 22:40 - 2015-04-02 22:40 - 02208768 ____C () C:\Users\Calah\Downloads\adwcleaner_4.200.exe
2015-04-02 22:37 - 2015-04-02 22:37 - 00001064 ____C () C:\Users\Calah\Desktop\scan 4-2-15.txt
2015-04-02 21:36 - 2015-04-02 21:48 - 00000000 ___DC () C:\ProgramData\RogueKiller
2015-04-02 21:36 - 2015-04-02 21:36 - 00035064 ____C () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-02 21:33 - 2015-04-02 21:33 - 00000559 ____C () C:\Users\Calah\Desktop\RogueKiller - Shortcut.lnk
2015-04-02 21:30 - 2015-04-02 21:31 - 16748632 ____C () C:\Users\Calah\Downloads\RogueKiller.exe
2015-04-02 21:23 - 2015-04-02 21:23 - 00000532 ____C () C:\Users\Calah\Desktop\Fixlog - Shortcut.lnk
2015-04-02 21:20 - 2015-04-02 21:23 - 00006656 ____C () C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-02 20:53 - 2015-04-02 20:53 - 00030491 ____C () C:\Users\Calah\Desktop\FRST.txt
2015-04-02 20:50 - 2015-04-02 20:50 - 00003616 ____C () C:\Users\Calah\Desktop\fixlist.txt
2015-04-02 13:57 - 2015-04-02 13:58 - 00024027 ____C () C:\Users\Calah\Downloads\Addition.txt
2015-04-02 13:53 - 2015-04-03 22:21 - 00012789 ____C () C:\Users\Calah\Downloads\FRST.txt
2015-04-02 13:51 - 2015-04-03 22:20 - 00000000 ___DC () C:\FRST
2015-04-02 13:50 - 2015-04-02 13:51 - 01135104 ____C (Farbar) C:\Users\Calah\Downloads\FRST.exe
2015-03-31 10:43 - 2015-03-31 10:43 - 00097768 ____C () C:\Users\Calah\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-31 10:41 - 2015-03-31 10:42 - 00367008 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-03-26 11:17 - 2015-03-26 11:17 - 00529384 ____C () C:\Users\Calah\Downloads\setup.exe
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4.avi
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4 (2).avi
2015-03-26 10:51 - 2015-03-26 10:51 - 02566144 ____C () C:\Users\Calah\Downloads\4 (1).avi
2015-03-17 22:49 - 2015-03-17 22:54 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects Adventure
2015-03-17 22:28 - 2015-03-17 22:48 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects Romance
2015-03-17 21:46 - 2015-03-17 22:09 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Hidden Objects LesMiserables
2015-03-17 21:43 - 2015-03-17 21:43 - 00001754 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\The Princess Case - A Royal Scoop.lnk
2015-03-17 21:43 - 2015-03-17 21:43 - 00001730 ____C () C:\Users\Calah\Desktop\The Princess Case - A Royal Scoop.lnk
2015-03-17 21:43 - 2015-03-17 21:43 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Princess Case - A Royal Scoop
2015-03-17 21:30 - 2015-03-17 21:30 - 00001771 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Les Miserables - Cosettes Fate.lnk
2015-03-17 21:30 - 2015-03-17 21:30 - 00001747 ____C () C:\Users\Calah\Desktop\Les Miserables - Cosettes Fate.lnk
2015-03-17 21:30 - 2015-03-17 21:30 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Les Miserables - Cosettes Fate
2015-03-17 21:24 - 2015-03-17 21:24 - 00001779 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Jennifer Wolf and the Mayan Relics.lnk
2015-03-17 21:24 - 2015-03-17 21:24 - 00001755 ____C () C:\Users\Calah\Desktop\Jennifer Wolf and the Mayan Relics.lnk
2015-03-17 21:24 - 2015-03-17 21:24 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jennifer Wolf and the Mayan Relics
2015-03-16 09:26 - 2015-03-16 09:26 - 00001863 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Hidden Memories of a Bright Summer.lnk
2015-03-16 09:26 - 2015-03-16 09:26 - 00001839 ____C () C:\Users\Calah\Desktop\Hidden Memories of a Bright Summer.lnk
2015-03-16 09:26 - 2015-03-16 09:26 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Memories of a Bright Summer
2015-03-16 09:20 - 2015-03-16 09:20 - 00001612 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Alice in Wonderland.lnk
2015-03-16 09:20 - 2015-03-16 09:20 - 00001588 ____C () C:\Users\Calah\Desktop\Alice in Wonderland.lnk
2015-03-16 09:20 - 2015-03-16 09:20 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alice in Wonderland
2015-03-16 09:18 - 2015-03-17 21:43 - 00000000 ___DC () C:\Games
2015-03-16 09:18 - 2015-03-16 09:18 - 00001596 ____C () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\A Girl in the City.lnk
2015-03-16 09:18 - 2015-03-16 09:18 - 00001572 ____C () C:\Users\Calah\Desktop\A Girl in the City.lnk
2015-03-16 09:18 - 2015-03-16 09:18 - 00000000 ___DC () C:\Users\Public\Documents\JustAdventure
2015-03-16 09:18 - 2015-03-16 09:18 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Girl in the City
2015-03-11 21:15 - 2015-03-11 21:16 - 06824950 ____C () C:\Users\Calah\Downloads\avatar-hentai-video (1).flv
2015-03-11 21:15 - 2015-03-11 21:15 - 06824950 ____C () C:\Users\Calah\Downloads\avatar-hentai-video.flv
2015-03-11 03:28 - 2015-01-28 21:35 - 00369664 ____C (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 03:27 - 2015-01-28 21:35 - 00975360 ____C (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 03:26 - 2015-02-25 20:18 - 02064384 ____C (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 03:12 - 2015-02-19 22:03 - 00034304 ____C (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 03:12 - 2015-02-19 20:28 - 00296960 ____C (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 03:09 - 2015-02-25 22:01 - 03604408 ____C (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 03:09 - 2015-02-25 22:01 - 03552184 ____C (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 03:09 - 2015-01-08 22:04 - 00049152 ____C (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 03:09 - 2015-01-08 20:18 - 00064000 ____C (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 03:08 - 2015-01-20 22:02 - 00807936 ____C (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 03:07 - 2015-03-06 00:01 - 00279040 ____C (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 03:06 - 2014-10-12 21:12 - 02264064 ____C (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 03:05 - 2015-02-17 22:02 - 11587584 ____C (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 11084800 ____C (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 06007296 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 02006016 ____C (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 01469440 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:35 - 2015-02-12 21:01 - 01214976 ____C (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00916992 ____C (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00630784 ____C (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00630272 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00420864 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00387584 ____C (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00348160 ____C (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00216576 ____C (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00206848 ____C (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00184320 ____C (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00164352 ____C (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00109056 ____C (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00105984 ____C (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00071680 ____C (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00067072 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00055808 ____C (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00055296 ____C (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00043520 ____C (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:35 - 2015-02-12 21:01 - 00019456 ____C (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-03-11 00:35 - 2015-02-12 19:31 - 00385024 ____C (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 00:35 - 2015-02-12 19:24 - 01638912 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:35 - 2015-02-12 19:24 - 00174080 ____C (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 00:35 - 2015-02-12 19:24 - 00133632 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:35 - 2015-02-12 19:24 - 00013312 ____C (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-08 22:30 - 2015-03-08 22:30 - 01582394 ____C () C:\Users\Calah\Downloads\JigsawPuzzleLite_Game_6.exe
2015-03-06 10:42 - 2015-03-06 10:42 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (3).exe
2015-03-06 10:39 - 2010-03-10 00:26 - 00903945 ____C () C:\Users\Calah\Desktop\Windows6.0-KB981013-x86.msu
2015-03-06 10:38 - 2015-03-06 10:38 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (2).exe
2015-03-06 10:33 - 2010-03-10 00:26 - 00903945 ____C () C:\Users\Calah\Downloads\Windows6.0-KB981013-x86.msu
2015-03-06 10:32 - 2015-03-06 10:33 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip (1).exe
2015-03-06 10:30 - 2015-03-06 10:31 - 01033064 ____C () C:\Users\Calah\Downloads\408815_intl_i386_zip.exe
2015-03-06 08:57 - 2015-04-02 22:33 - 00114904 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 08:57 - 2015-03-06 08:57 - 00000903 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-06 08:57 - 2015-03-06 08:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-06 08:57 - 2015-03-06 08:57 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2015-03-06 08:57 - 2014-11-21 07:14 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-06 08:57 - 2014-11-21 07:14 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-06 08:57 - 2014-11-21 07:14 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-06 08:50 - 2015-03-06 08:56 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Calah\Downloads\mbam-setup-2.0.4.1028.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 22:18 - 2014-10-27 19:24 - 00001975 ____C () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 22:18 - 2014-04-15 13:15 - 00000886 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 20:35 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 20:35 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 20:33 - 2008-04-30 14:26 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-04-03 20:12 - 2006-11-02 07:18 - 00000000 _RHDC () C:\Users\Default
2015-04-03 20:12 - 2006-11-02 07:18 - 00000000 __RDC () C:\Users\Public
2015-04-03 20:07 - 2014-04-15 13:15 - 00000882 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 20:07 - 2006-11-02 06:23 - 00000215 ____C () C:\Windows\system.ini
2015-04-03 18:42 - 2015-02-19 02:16 - 02059585 ____C () C:\Windows\WindowsUpdate.log
2015-04-03 18:39 - 2006-11-02 06:33 - 00759542 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 18:35 - 2008-11-10 10:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-03 18:35 - 2006-11-02 09:01 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-04-03 18:11 - 2006-11-02 09:01 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 06:37 - 2015-01-26 08:34 - 00000422 ___HC () C:\Windows\Tasks\User_Feed_Synchronization-{05CA0EA7-E3AF-469B-B3BB-EF26D5711B50}.job
2015-04-02 20:55 - 2008-11-05 15:11 - 00000000 ___DC () C:\Users\Calah
2015-04-02 08:13 - 2006-11-02 07:18 - 00000000 ___DC () C:\Windows\tracing
2015-03-17 00:34 - 2013-06-28 02:21 - 00000000 ___DC () C:\Users\Calah\AppData\Roaming\HdO Adventure
2015-03-11 03:26 - 2013-07-23 03:00 - 00000000 ___DC () C:\Windows\system32\MRT
2015-03-11 03:13 - 2006-11-02 06:24 - 119837696 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-08 22:31 - 2015-02-17 01:01 - 00000000 ___DC () C:\Program Files\KraiSoft Games

==================== Files in the root of some directories =======

2015-04-02 21:20 - 2015-04-02 21:23 - 0006656 ____C () C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 18:57

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    522 bytes · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Calah at 2015-04-04 10:41:30 Run:2
Running from C:\Users\Calah\Downloads
Loaded Profiles: Calah (Available profiles: Calah & JC)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1634817539-8173870-1952294464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\Users\Calah\AppData\Local\Temp\mbr.sys [X]
2015-04-02 21:20 - 2015-04-02 21:23 - 0006656 ____C () C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1634817539-8173870-1952294464-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
catchme => Service stopped successfully.
catchme => Service deleted successfully.
mbr => Service deleted successfully.
C:\Users\Calah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.

==== End of Fixlog 10:41:31 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.99
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 30 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Calah (administrator) on 04-04-2015 at 22:15:06
Running from "C:\Users\Calah\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-04-05 02:41:46.943 Sophos Virus Removal Tool version 2.5.4
2015-04-05 02:41:46.943 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-05 02:41:46.943 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-05 02:41:46.943 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2015-04-05 02:41:46.959 Checking for updates...
2015-04-05 02:41:50.406 Update progress: proxy server not available
2015-04-05 02:42:07.274 Option all = no
2015-04-05 02:42:07.274 Option recurse = yes
2015-04-05 02:42:07.274 Option archive = no
2015-04-05 02:42:07.274 Option service = yes
2015-04-05 02:42:07.274 Option confirm = yes
2015-04-05 02:42:07.274 Option sxl = yes
2015-04-05 02:42:07.276 Option max-data-age = 35
2015-04-05 02:42:07.276 Option EnableSafeClean = yes
2015-04-05 02:42:10.248 Option vdl-logging = yes
2015-04-05 02:42:10.278 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-05 02:42:10.278 Machine ID: ccfd31c0efcd4a97b14f6a1ed5957bdb
2015-04-05 02:42:10.280 Component SVRTcli.exe version 2.5.4
2015-04-05 02:42:10.280 Component control.dll version 2.5.4
2015-04-05 02:42:10.280 Component SVRTservice.exe version 2.5.4
2015-04-05 02:42:10.280 Component engine\osdp.dll version 1.44.1.2183
2015-04-05 02:42:10.281 Component engine\veex.dll version 3.58.3.2183
2015-04-05 02:42:10.281 Component engine\savi.dll version 8.1.5.2183
2015-04-05 02:42:10.281 Component rkdisk.dll version 1.5.30.0
2015-04-05 02:42:10.282 Version info: Product version 2.5.4
2015-04-05 02:42:10.283 Version info: Detection engine 3.58.3
2015-04-05 02:42:10.283 Version info: Detection data 5.11
2015-04-05 02:42:10.283 Version info: Build date 2/3/2015
2015-04-05 02:42:10.283 Version info: Data files added 524
2015-04-05 02:42:10.283 Version info: Last successful update (not yet updated)
2015-04-05 02:42:46.835 Downloading updates...
2015-04-05 02:42:46.844 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-05 02:42:46.844 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-05 02:42:46.844 Update progress: [I49502] Found supplement IDE512 LATEST
2015-04-05 02:42:46.844 Update progress: [I49502] Found supplement IDE513 LATEST
2015-04-05 02:42:46.844 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-05 02:42:46.844 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-05 02:42:46.844 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-05 02:42:46.844 Update progress: [I19463] Syncing product SAVIW32 51
2015-04-05 02:42:58.073 Update progress: [I19463] Syncing product IDE512 166
2015-04-05 02:43:07.041 Installing updates...
2015-04-05 02:43:08.200 Error level 1
2015-04-05 02:43:08.220 Update progress: [I19463] Syncing product IDE513 171
2015-04-05 02:43:08.220 Update progress: [I19463] Syncing product IDE514 161
2015-04-05 02:43:08.220 Update progress: [I19463] Syncing product IDE515 33
2015-04-05 02:44:44.014 Update successful
2015-04-05 02:45:09.131 Option all = no
2015-04-05 02:45:09.131 Option recurse = yes
2015-04-05 02:45:09.131 Option archive = no
2015-04-05 02:45:09.131 Option service = yes
2015-04-05 02:45:09.131 Option confirm = yes
2015-04-05 02:45:09.131 Option sxl = yes
2015-04-05 02:45:09.133 Option max-data-age = 35
2015-04-05 02:45:09.133 Option EnableSafeClean = yes
2015-04-05 02:45:09.200 Option vdl-logging = yes
2015-04-05 02:45:09.220 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-05 02:45:09.220 Machine ID: ccfd31c0efcd4a97b14f6a1ed5957bdb
2015-04-05 02:45:09.221 Component SVRTcli.exe version 2.5.4
2015-04-05 02:45:09.222 Component control.dll version 2.5.4
2015-04-05 02:45:09.222 Component SVRTservice.exe version 2.5.4
2015-04-05 02:45:09.222 Component engine\osdp.dll version 1.44.1.2183
2015-04-05 02:45:09.222 Component engine\veex.dll version 3.58.3.2183
2015-04-05 02:45:09.222 Component engine\savi.dll version 8.1.5.2183
2015-04-05 02:45:09.223 Component rkdisk.dll version 1.5.30.0
2015-04-05 02:45:09.223 Version info: Product version 2.5.4
2015-04-05 02:45:09.224 Version info: Detection engine 3.58.3
2015-04-05 02:45:09.224 Version info: Detection data 5.11G
2015-04-05 02:45:09.225 Version info: Build date 2/3/2015
2015-04-05 02:45:09.225 Version info: Data files added 524
2015-04-05 02:45:09.225 Version info: Last successful update 4/4/2015 10:44:44 PM

2015-04-05 04:02:24.424 Could not open C:\pagefile.sys
2015-04-05 04:25:55.328 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:25:55.329 Could not open C:\System Volume Information\{8b4823b3-db3a-11e4-9f44-001d72a6a028}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:25:55.329 Could not open C:\System Volume Information\{8fe27bb9-da51-11e4-858d-001d72a6a028}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:25:55.330 Could not open C:\System Volume Information\{b01b44bb-dafc-11e4-9ba9-001d72a6a028}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:25:55.330 Could not open C:\System Volume Information\{ba0542dc-d95a-11e4-a890-001d72a6a028}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:25:55.331 Could not open C:\System Volume Information\{ef2360e8-d7b3-11e4-ad27-001d72a6a028}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-05 04:34:48.415 >>> Virus 'Mal/FakeAvCn-C' found in file C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Templates\q5gqe0424am05scv43hgb2l8620k56
2015-04-05 04:34:48.416 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-05 04:34:48.417 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-05 04:46:43.714 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-05 04:46:43.715 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-05 04:46:52.409 Could not open C:\Windows\System32\config\components
2015-04-05 04:46:52.533 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-04-05 04:46:52.537 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-05 04:46:52.537 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-05 04:46:52.537 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-05 04:46:52.552 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-05 04:46:52.552 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-05 04:58:44.442 Could not open C:\Windows\temp\TMP0000009AA067C26C38514FE8
2015-04-05 05:24:10.882 Could not open LOGICAL:0004:00000000
2015-04-05 05:24:10.888 Could not open E:\
2015-04-05 05:24:11.019 Could not open PHYSICAL:0081:0000:0000:0001
2015-04-05 05:24:11.116 The following items will be cleaned up:
2015-04-05 05:24:11.116 Mal/FakeAvCn-C
2015-04-05 05:31:33.680 Threat 'Mal/FakeAvCn-C' has been cleaned up.
2015-04-05 05:31:33.680 File "C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Templates\q5gqe0424am05scv43hgb2l8620k56" belongs to malware 'Mal/FakeAvCn-C'.
2015-04-05 05:31:33.680 File "C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Templates\q5gqe0424am05scv43hgb2l8620k56" has been cleaned up.
2015-04-05 05:31:33.680 Registry value "HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/FakeAvCn-C'.
2015-04-05 05:31:33.680 Registry value "HKU\S-1-5-21-1634817539-8173870-1952294464-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-04-05 05:31:33.680 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/FakeAvCn-C'.
2015-04-05 05:31:33.680 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-04-05 05:31:33.680 Removal successful
2015-04-05 05:31:33.805 Contents of SafeClean bin directory:
2015-04-05 05:31:33.805 {
2015-04-05 05:31:33.805 RecordID : "0000000000000001",
2015-04-05 05:31:33.805 ItemType : "1",
2015-04-05 05:31:33.805 Location : "C:\Users\Calah\AppData\Roaming\Microsoft\Windows\Templates\",
2015-04-05 05:31:33.805 FileName : "q5gqe0424am05scv43hgb2l8620k56",
2015-04-05 05:31:33.805 ThreatName : "Mal/FakeAvCn-C",
2015-04-05 05:31:33.805 Checksum : "03106e7d56fb556fbb8185e4abecb5d2a251f7002dfe9a7b70f66f7fb81c7873",
2015-04-05 05:31:33.805 TimeStamp : "Sun Apr 05 01:31:26 2015"
2015-04-05 05:31:33.805 }
2015-04-05 05:31:41.667 Error level 0
 
Thank you for your help so far!!! I could have never done this on my own. A little history of what brought me to your site. For about two years now I have been having issues with streaming videos on this machine. Sites like Fox News will play videos but when the Flash Player is enabled the video is very choppy and the audio is not synced. When I disable Flash the audio is ok but the quality is poor. I have tried several things to correct this like: removing Adobe and re installing, choosing google chrome over ie, paid to have my machine cleaned by Century link (my High speed provider) I have been told I might have a bandwidth issue, but I don't have the experience to check this out. Any help you could give on this issue would be appreciated.
 
redtarget.gif
I don't actually see Adobe Flash even installed on your computer.
Install Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
We have couple of registry issues.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download win-vista-action-center-notification-icon-missing.reg from here: http://www.bleepstatic.com/fhost/uploads/1/win-vista-action-center-notification-icon-missing.reg
Double-click on downloaded file and confirm the prompt.

Download SharedAccess.reg
Double-click on downloaded file and confirm the prompt.

Restart computer.
Post new FSS log.
 
Farbar Service Scanner Version: 17-01-2015
Ran by Calah (administrator) on 05-04-2015 at 21:31:49
Running from "C:\Users\Calah\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

zohaibahd
Samsung and Google take on Dolby Atmos with a new royalty-free audio format
Replies
15
Views
459
Tran Bronstein
Tran Bronstein
A
YouTube cracks down (again) on ad blockers, frustrating users
2 3
Replies
55
Views
873
bitwarden
B
Bob O'Donnell
Adobe expands generative AI with Firefly video, launching today
Replies
0
Views
175
Bob O'Donnell
Bob O'Donnell

Latest posts

Back