Solved DNS_PROBE_FINISHED_NO_INTERNET after malware removal

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22012121.gif



Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

p22012122.gif



Go to Step 5 and under "System Restore" click on Create button:

p22012123.gif



Go to Repairs tab and click Open Repairs button.

p22012124.gif


In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

p22012126.gif


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
The internet works now! And it also doesn't say my copy of window is not genuine! Thank you so much Broni!! You're awesome!! :D

Tweaking.com - Windows Repair v3.7.3
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: USER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\User
Current Profile SID: S-1-5-21-332799431-1520625345-1691349392-1000
Current Profile Classes: S-1-5-21-332799431-1520625345-1691349392-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\User\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:04:07

Process Count: 56
Commit Total: 1.14 GB
Commit Limit: 3.73 GB
Commit Peak: 1.31 GB
Handle Count: 12795
Kernel Total: 197.29 MB
Kernel Paged: 156.35 MB
Kernel Non Paged: 40.94 MB
System Cache: 446.14 MB
Thread Count: 607
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.86 GB
Memory Used: 979.49 MB(51.3207%)
Memory Avail.: 929.07 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.86 GB
Memory Used: 802.57 MB(42.0512%)
Memory Avail.: 1.08 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (29/12/2015 4:50:07 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 40

01 - Reset Registry Permissions
Restore Windows 7/8/10 Default Registry Permissions
Start (29/12/2015 4:50:11 PM)


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done, 0.36 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done, 5.29 seconds.

Running Repair Under System Account
Done (29/12/2015 4:58:19 PM)

02 - Reset File Permissions: C:
C: & Sub Folders
Start (29/12/2015 4:58:19 PM)

Running Repair Under Current User Account
Done (29/12/2015 5:09:47 PM)

02 - Reset File Permissions
Restore Windows 7/8/10 Default File Permissions
Start (29/12/2015 5:09:47 PM)


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done, 0.2 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done, 0.38 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done, 0.28 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done, 0.28 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done, 0.27 seconds.


Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done, 4.18 seconds.

Running Repair Under Current User Account
Done (29/12/2015 5:15:51 PM)

02 - Reset File Permissions: Cleanup
Repairing Restricted Folders Permissions To Avoid Infinite Loops
Start (29/12/2015 5:15:51 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:15:55 PM)

03 - Reset Service Permissions
Start (29/12/2015 5:15:55 PM)

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:17:38 PM)

04 - Register System Files
Start (29/12/2015 5:17:38 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:19:34 PM)

05 - Repair WMI
Start (29/12/2015 5:19:34 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Microsoft Security Essentials Exported.

Exporting AntiSpyware Info...
Microsoft Security Essentials Exported.
Windows Defender Exported.

Exporting 3rd Party Firewall Info...
No Firewall Products Reported.

Running Repair Under Current User Account
Done (29/12/2015 5:23:34 PM)

06 - Repair Windows Firewall
Start (29/12/2015 5:23:34 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.33 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:24:07 PM)

07 - Repair Internet Explorer
Start (29/12/2015 5:24:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:24:46 PM)

08 - Repair MDAC/MS Jet
Start (29/12/2015 5:24:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:25:03 PM)

09 - Repair Hosts File
Start (29/12/2015 5:25:04 PM)
Running Repair Under System Account
Done (29/12/2015 5:25:06 PM)

10 - Remove Policies Set By Infections
Start (29/12/2015 5:25:06 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:25:15 PM)

11 - Repair Start Menu Icons Removed By Infections
Start (29/12/2015 5:25:15 PM)
Running Repair Under System Account
Done (29/12/2015 5:25:17 PM)

12 - Repair Icons
Start (29/12/2015 5:25:17 PM)
Running Repair Under Current User Account
Done (29/12/2015 5:25:20 PM)

13 - Repair Network
Start (29/12/2015 5:25:20 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.28 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:25:54 PM)

14 - Remove Temp Files
Start (29/12/2015 5:25:54 PM)
Running Repair Under System Account
Done (29/12/2015 5:25:57 PM)

15 - Repair Proxy Settings
Start (29/12/2015 5:25:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:25:59 PM)

17 - Repair Windows Updates
Start (29/12/2015 5:25:59 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.29 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (29/12/2015 5:27:23 PM)

18 - Repair CD/DVD Missing/Not Working
Start (29/12/2015 5:27:23 PM)
iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
UpperFilters added?: True
Done (29/12/2015 5:27:23 PM)

19 - Repair Volume Shadow Copy Service
Start (29/12/2015 5:27:23 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.63 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:00 PM)

20 - Repair Windows Sidebar/Gadgets
Start (29/12/2015 5:28:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:10 PM)

21 - Repair MSI (Windows Installer)
Start (29/12/2015 5:28:10 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.29 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:37 PM)

22 - Repair Windows Snipping Tool
Start (29/12/2015 5:28:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:42 PM)

23.01 - Repair bat Association
Start (29/12/2015 5:28:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:46 PM)

23.02 - Repair cmd Association
Start (29/12/2015 5:28:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:50 PM)

23.03 - Repair com Association
Start (29/12/2015 5:28:50 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:54 PM)

23.04 - Repair Directory Association
Start (29/12/2015 5:28:54 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:28:58 PM)

23.05 - Repair Drive Association
Start (29/12/2015 5:28:58 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:02 PM)

23.06 - Repair exe Association
Start (29/12/2015 5:29:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:04 PM)

23.07 - Repair Folder Association
Start (29/12/2015 5:29:04 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:06 PM)

23.08 - Repair inf Association
Start (29/12/2015 5:29:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:09 PM)

23.09 - Repair lnk (Shortcuts) Association
Start (29/12/2015 5:29:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:12 PM)

23.10 - Repair msc Association
Start (29/12/2015 5:29:13 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:16 PM)

23.11 - Repair reg Association
Start (29/12/2015 5:29:16 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:20 PM)

23.12 - Repair scr Association
Start (29/12/2015 5:29:20 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:23 PM)

24 - Repair Windows Safe Mode
Start (29/12/2015 5:29:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:25 PM)

25 - Repair Print Spooler
Start (29/12/2015 5:29:26 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.28 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:29:47 PM)

26 - Restore Important Windows Services
Start (29/12/2015 5:29:47 PM)

Decompressing & Updating Windows Permission File C:\Users\User\Documents\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done, 0.31 seconds.

Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:30:07 PM)

27 - Set Windows Services To Default Startup
Start (29/12/2015 5:30:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:30:49 PM)

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

Skipping Repair.
Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
Current version: 6.1.7601

31 - Repair Windows 'New' Submenu
Start (29/12/2015 5:30:49 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:30:53 PM)

32 - Restore UAC (User Account Control) Settings
Start (29/12/2015 5:30:53 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (29/12/2015 5:30:56 PM)

33 - Repair Performance Counters
Start (29/12/2015 5:30:56 PM)
Running Repair Under Current User Account
Done (29/12/2015 5:31:17 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (29/12/2015 5:31:17 PM)
Total Repair Time: 00:41:13


...YOU MUST RESTART YOUR SYSTEM...
 
Excellent :)

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Users\User\Downloads\RogueKiller.exe
Mode : Delete -- Date : 12/30/2015 13:03:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A65E4E33-E079-4F61-A2DF-A7CA916A206B} | DhcpNameServer : 10.9.0.1 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A65E4E33-E079-4F61-A2DF-A7CA916A206B} | DhcpNameServer : 10.9.0.1 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A65E4E33-E079-4F61-A2DF-A7CA916A206B} | DhcpNameServer : 10.9.0.1 ([X]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-60HXZT3 ATA Device +++++
--- User ---
[MBR] a6d6a1a1b49a193ac54b3eeb792580bf
[BSP] bee5cfba14966b4d17c1eb7780f4dad1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 255999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 524492800 | Size: 220839 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK

*******************************************************************************************************************************************************

alwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/12/2015
Scan Time: 1:05 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.29.02
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325687
Time Elapsed: 27 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\{9E6892AE-EDB8-490A-9FDD-5A9770E7909E}, Quarantined, [a4325b4facdfc96d9ef133d92cd8eb15],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, Quarantined, [25b144669af1f541b2dd31862bd7966a],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, Quarantined, [8e4877337c0f86b0256bebcc4cb62fd1],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, Quarantined, [4492f0ba553646f0c9c84a6d0cf6619f],
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\{9E6892AE-EDB8-490A-9FDD-5A9770E7909E}, Quarantined, [8c4aa8021774d2643d529c709b695ea2],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, Quarantined, [964012988cffe74fafe0c8ef2ad8f60a],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, Quarantined, [af273278216ab581731dbff85ca6b14f],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, Quarantined, [74624c5eec9f8babc9c88631ae54b14f],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz121220152318, Quarantined, [54825a508a01270fe80264b0f50f1ce4],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\CITADEX, Quarantined, [429407a37f0ce2546a370c06e12322de],

Registry Values: 1
PUP.Optional.ConsumerInput, HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\CITADEX, dm20150930, Quarantined, [429407a37f0ce2546a370c06e12322de]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\update, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
Adware.LaSuperba, C:\uninst, Quarantined, [61758d1dd6b59c9a5aed794981837e82],

Files: 5
Adware.PennyBee, C:\Users\User\AppData\Roaming\WiiccuAtifi\Sajnegm.exe, Quarantined, [34a2ddcdccbf60d6f6345665ed144db3],
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log\ProtectWindowsManager_2015-12-13[17-06-19-291].log, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
PUP.Optional.WindowsProtectManager, C:\ProgramData\Tmp0x0x\log\ProtectWindowsManager_2015-12-13[17-23-10-946].log, Quarantined, [7066fbafa7e452e4c1a15561847e9769],
Adware.LaSuperba, C:\uninst\uninstall.html, Quarantined, [61758d1dd6b59c9a5aed794981837e82],

Physical Sectors: 0
(No malicious items detected)


(end)

*******************************************************************************************************************************************************

# AdwCleaner v5.026 - Logfile created 30/12/2015 at 14:06:40
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [732 bytes] ##########


*******************************************************************************************************************************************************

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by User (Administrator) on Wed 30/12/2015 at 14:16:14.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SurfEasyVPN (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 30/12/2015 at 14:20:57.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-12-29.01 - User 30/12/2015 15:57:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1909.354 [GMT 11:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2015-11-28 to 2015-12-30 )))))))))))))))))))))))))))))))
.
.
2015-12-30 05:07 . 2015-12-30 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-30 03:21 . 2015-12-30 03:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7078BEF-BA67-49EA-AC48-15B1AF5DFB5A}\offreg.dll
2015-12-29 23:19 . 2015-12-29 23:24 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-29 23:19 . 2015-12-29 23:21 -------- d-----w- c:\programdata\RogueKiller
2015-12-29 07:50 . 2015-12-29 07:49 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-12-29 07:50 . 2015-12-29 07:36 386096 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-29 07:49 . 2015-12-29 07:49 466400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-12-29 07:38 . 2015-12-29 07:38 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
2015-12-29 07:36 . 2015-12-29 07:36 -------- d-----w- c:\program files\Common Files\AV
2015-12-29 07:36 . 2015-12-29 07:36 -------- d-----w- c:\program files (x86)\Common Files\AV
2015-12-29 07:36 . 2015-12-29 07:36 155304 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-12-29 07:36 . 2015-12-29 07:36 273784 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-29 07:36 . 2015-12-29 07:37 97648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-29 07:36 . 2015-12-29 07:37 451040 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-29 07:36 . 2015-12-29 07:36 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-29 07:36 . 2015-12-29 07:36 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-29 07:36 . 2015-12-29 07:36 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-12-29 07:36 . 2015-12-29 07:35 1055560 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-29 07:35 . 2015-12-29 07:35 43112 ----a-w- c:\windows\avastSS.scr
2015-12-29 07:32 . 2015-12-29 07:49 -------- d-----w- c:\program files\AVAST Software
2015-12-29 07:31 . 2015-12-29 07:50 -------- d-----w- c:\programdata\AVAST Software
2015-12-29 06:26 . 2015-12-29 07:01 -------- d-----w- c:\windows\system32\catroot2
2015-12-29 06:19 . 2015-12-29 06:19 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-12-27 06:16 . 2015-12-30 03:06 -------- d-----w- C:\AdwCleaner
2015-12-27 06:11 . 2015-12-28 01:03 -------- d-----w- C:\FRST
2015-12-13 12:51 . 2015-12-30 03:26 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-13 12:51 . 2015-12-13 12:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-13 12:51 . 2015-12-13 12:51 -------- d-----w- c:\programdata\Malwarebytes
2015-12-13 12:51 . 2015-10-04 22:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-13 12:51 . 2015-10-04 22:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-13 12:51 . 2015-10-04 22:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-13 12:47 . 2015-12-30 05:07 -------- d-----w- c:\users\User\AppData\Local\Temp
2015-12-13 12:29 . 2015-12-13 12:49 -------- d-----w- C:\zoek
2015-12-13 06:28 . 2015-12-13 06:28 -------- d-----w- c:\users\User\.MCTranscodingSDK
2015-12-13 06:24 . 2015-12-13 06:24 -------- d-----w- c:\windows\system32\mut
2015-12-13 06:24 . 2015-12-30 02:33 -------- d-----w- c:\users\User\AppData\Roaming\WiiccuAtifi
2015-12-13 06:14 . 2015-12-13 06:57 -------- d-----w- c:\program files (x86)\Opera
2015-12-13 06:13 . 2015-12-13 06:19 -------- d-----w- c:\users\User\AppData\Roaming\DivX
2015-12-13 06:12 . 2015-12-13 08:45 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2015-12-13 06:06 . 2015-12-13 11:22 -------- d-----w- c:\program files (x86)\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-09 03:39 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-23 08:10 . 2013-03-01 23:53 140158008 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-29 7021880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-27 07:46 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 01:24]
.
2015-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-20 01:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-29 07:36 873304 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{8D0716F8-13A1-470D-8825-D6B5517B4D10}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NSU_agent - c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe
AddRemove-zz.10811.ssp - c:\program files (x86)\SpaceSondPro\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-30 16:13:45
ComboFix-quarantined-files.txt 2015-12-30 05:13
.
Pre-Run: 100,329,279,488 bytes free
Post-Run: 100,034,707,456 bytes free
.
- - End Of File - - 29F8C36F72AEB74D4E8152753AAD13C3
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by User (administrator) on USER-PC (31-12-2015 08:24:05)
Running from C:\Users\User\AppData\Local\Temp\WPDNSE\{00000352-0001-0001-0000-000000000000}
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-29] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-29] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{239856E5-60B8-4CF9-B591-8212CF9FF45A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{52E928E2-4121-46AF-B14C-7362DCA0B379}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{627FEDE6-4E3F-41D6-A9B2-9EE5AC7E8ABE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{78575C46-E380-4208-8D11-13EC7AE2CABE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8789EBBE-4FE2-49ED-A4CA-6CB28881CAE3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8D0716F8-13A1-470D-8825-D6B5517B4D10}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{A65E4E33-E079-4F61-A2DF-A7CA916A206B}: [DhcpNameServer] 10.9.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-332799431-1520625345-1691349392-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-332799431-1520625345-1691349392-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-332799431-1520625345-1691349392-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-29] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-29] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-03] (Oracle Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-03] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4 Web Plugin\npInquisit.dll [2014-03-14] (Millisecond Software)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-09] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-29]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-10-31]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-06]
CHR Extension: (Google Keep - notes and lists) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-12]
CHR Extension: (Disconnect) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-18]
CHR Extension: (MailTrack for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-29]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-29] (AVAST Software)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-29] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-29] (AVAST Software)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39048 2015-03-05] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-30] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 16:13 - 2015-12-30 16:13 - 00017842 _____ C:\ComboFix.txt
2015-12-30 15:54 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-30 15:54 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-30 15:54 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-30 15:53 - 2015-12-30 16:13 - 00000000 ____D C:\Qoobox
2015-12-30 15:53 - 2015-12-30 16:09 - 00000000 ____D C:\Windows\erdnt
2015-12-30 15:52 - 2015-12-30 15:51 - 05643545 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2015-12-30 15:50 - 2015-12-30 15:51 - 05643545 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-12-30 14:28 - 2015-12-30 14:28 - 00003929 _____ C:\Users\User\Desktop\malware.txt
2015-12-30 14:20 - 2015-12-30 14:20 - 00000758 _____ C:\Users\User\Desktop\JRT.txt
2015-12-30 14:15 - 2015-12-30 13:41 - 01599336 ____N (Malwarebytes) C:\Users\User\Desktop\JRT.exe
2015-12-30 13:40 - 2015-12-30 13:41 - 01743360 _____ C:\Users\User\Downloads\adwcleaner_5.026.exe
2015-12-30 13:04 - 2015-12-30 13:04 - 00003930 _____ C:\Users\User\Desktop\next reply.txt
2015-12-30 10:19 - 2015-12-30 10:24 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-30 10:19 - 2015-12-30 10:21 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-30 10:18 - 2015-12-30 10:18 - 20835400 _____ C:\Users\User\Downloads\RogueKiller.exe
2015-12-29 18:54 - 2015-12-29 18:54 - 00003030 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1451375648
2015-12-29 18:54 - 2015-12-29 18:54 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-12-29 18:54 - 2015-12-29 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-29 18:50 - 2015-12-29 18:49 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-12-29 18:50 - 2015-12-29 18:36 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-29 18:49 - 2015-12-29 18:49 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-12-29 18:38 - 2015-12-29 18:38 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2015-12-29 18:37 - 2015-12-29 18:37 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-29 18:36 - 2015-12-29 18:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-29 18:36 - 2015-12-29 18:37 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-29 18:36 - 2015-12-29 18:37 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-29 18:36 - 2015-12-29 18:35 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-29 18:35 - 2015-12-29 18:35 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-29 18:32 - 2015-12-29 18:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-29 18:31 - 2015-12-29 18:50 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-29 18:31 - 2015-12-29 18:31 - 05066096 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2015-12-29 16:16 - 2015-12-29 16:16 - 00003304 _____ C:\bootsqm.dat
2015-12-29 15:50 - 2015-12-29 15:50 - 00000000 ____D C:\Users\User\Documents\tweaking.com_windows_repair_aio
2015-12-28 22:12 - 2015-12-28 22:12 - 00262144 _____ C:\Windows\Minidump\122815-25662-01.dmp
2015-12-27 17:16 - 2015-12-30 14:06 - 00000000 ____D C:\AdwCleaner
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\zoek_backup
2015-12-27 17:11 - 2015-12-31 08:24 - 00000000 ____D C:\FRST
2015-12-27 17:05 - 2015-12-27 17:08 - 00389162 _____ C:\TDSSKiller.3.1.0.9_27.12.2015_17.05.35_log.txt
2015-12-14 11:54 - 2015-12-14 11:55 - 00000720 _____ C:\DelFix.txt
2015-12-13 23:51 - 2015-12-30 14:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 23:51 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-13 23:51 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-13 23:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 23:29 - 2015-12-13 23:49 - 00000000 ____D C:\zoek
2015-12-13 19:53 - 2015-12-13 19:53 - 00003148 _____ C:\Windows\System32\Tasks\{D19222F7-393E-46E5-817F-D657D32F3978}
2015-12-13 17:49 - 2015-12-13 22:52 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fc32h45r31o78m97e.lnk
2015-12-13 17:40 - 2015-12-13 19:26 - 00944642 _____ C:\Windows\ntbtlog.txt
2015-12-13 17:28 - 2015-12-13 17:28 - 00000000 ____D C:\Users\User\.MCTranscodingSDK
2015-12-13 17:25 - 2015-12-13 17:48 - 00004840 _____ C:\Windows\SysWOW64\Papogaj.ini
2015-12-13 17:25 - 2015-12-13 17:48 - 00002560 _____ C:\Windows\SysWOW64\PapogajOff.ini
2015-12-13 17:25 - 2015-12-13 17:48 - 00002560 _____ C:\Windows\system32\PapogajOff.ini
2015-12-13 17:24 - 2015-12-30 13:33 - 00000000 ____D C:\Users\User\AppData\Roaming\WiiccuAtifi
2015-12-13 17:24 - 2015-12-13 17:25 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2015-12-13 17:24 - 2015-12-13 17:24 - 00000000 ____D C:\Windows\system32\mut
2015-12-13 17:23 - 2015-12-13 17:23 - 00003336 _____ C:\Windows\System32\Tasks\Dedketde
2015-12-13 17:17 - 2015-12-13 17:17 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449987422
2015-12-13 17:14 - 2015-12-13 17:57 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-13 17:13 - 2015-12-13 17:19 - 00000000 ____D C:\Users\User\AppData\Roaming\DivX
2015-12-13 17:10 - 2015-12-13 17:10 - 00000973 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-13 17:06 - 2015-12-13 22:22 - 00000000 ____D C:\Program Files (x86)\DivX
2015-12-11 13:24 - 2015-12-11 13:25 - 00173281 _____ C:\Users\User\Downloads\Resume_THIS ONE.pdf
2015-12-11 13:23 - 2015-12-11 13:23 - 00061024 _____ C:\Users\User\Downloads\passport certified.pdf
2015-12-11 13:20 - 2015-12-11 13:21 - 00626898 _____ C:\Users\User\Downloads\counselling certified.pdf
2015-12-11 13:16 - 2015-12-11 13:17 - 00223781 _____ C:\Users\User\Downloads\VCE certfied.pdf
2015-12-11 13:09 - 2015-12-11 13:09 - 00457835 _____ C:\Users\User\Downloads\mentoring certified.pdf
2015-12-09 16:50 - 2015-12-09 16:51 - 00385537 _____ C:\Users\User\Downloads\mental_status_exam (1).ppt
2015-12-09 16:34 - 2015-12-09 16:35 - 00385537 _____ C:\Users\User\Downloads\mental_status_exam.ppt
2015-12-09 13:06 - 2015-12-09 13:06 - 00402030 _____ C:\Users\User\Downloads\106207-148082-1-PB (1).pdf
2015-12-08 15:53 - 2015-12-08 15:54 - 00402030 _____ C:\Users\User\Downloads\106207-148082-1-PB.pdf
2015-12-06 16:17 - 2015-12-06 16:19 - 03127032 _____ C:\Users\User\Downloads\The_relationship_between_accul.PDF
2015-12-02 16:10 - 2015-12-02 16:10 - 00848896 _____ C:\Users\User\Downloads\PRESENTATION WITHOUT NOTES.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-31 08:20 - 2013-02-20 21:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-31 08:20 - 2013-02-20 21:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 16:07 - 2009-07-14 14:20 - 00000000 ____D C:\Windows
2015-12-30 16:07 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-12-30 14:13 - 2009-07-14 15:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 14:13 - 2009-07-14 15:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 14:12 - 2009-07-14 16:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 14:12 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2015-12-30 14:08 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 18:49 - 2013-03-26 13:34 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-29 18:00 - 2013-02-16 17:53 - 00065992 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-29 18:00 - 2009-07-14 15:45 - 00304416 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-29 17:28 - 2013-02-20 20:06 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-12-29 17:24 - 2009-07-14 13:34 - 00000423 _____ C:\Windows\win.ini
2015-12-28 23:19 - 2013-03-02 15:20 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-12-28 22:12 - 2013-08-27 13:47 - 317394209 _____ C:\Windows\MEMORY.DMP
2015-12-28 22:12 - 2013-08-27 13:47 - 00000000 ____D C:\Windows\Minidump
2015-12-28 16:17 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-28 15:21 - 2009-07-14 13:34 - 00000835 _____ C:\Windows\system32\Drivers\etc\hosts_bak_792
2015-12-27 12:58 - 2009-07-14 16:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-14 11:03 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-12-13 20:58 - 2014-11-01 12:13 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-13 20:50 - 2014-11-26 16:36 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieBrowserModeList
2015-12-13 17:56 - 2013-02-16 12:54 - 00001413 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 17:33 - 2013-02-20 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-13 17:31 - 2013-02-16 12:54 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-12-13 17:10 - 2009-07-14 13:34 - 00000973 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-12-13 17:06 - 2015-10-06 13:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 17:06 - 2013-02-20 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-09 14:39 - 2010-11-21 14:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 16:35 - 2013-02-20 21:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 16:35 - 2013-02-20 21:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 13:36

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by User (2015-12-31 08:25:33)
Running from C:\Users\User\AppData\Local\Temp\WPDNSE\{00000352-0001-0001-0000-000000000000}
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-16 01:53:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-332799431-1520625345-1691349392-500 - Administrator - Disabled)
Guest (S-1-5-21-332799431-1520625345-1691349392-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-332799431-1520625345-1691349392-1002 - Limited - Enabled)
User (S-1-5-21-332799431-1520625345-1691349392-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-332799431-1520625345-1691349392-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Gail Howard's Smart Luck Wheel Gold™ version Smart Luck Wheel G (HKLM-x32\...\{47D357C6-2AC9-4AC6-A46C-9C8F14ABC734}_is1) (Version: Smart Luck Wheel Gold™ Version 4.0.0.30 - Gail Howard's)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
Hot Virtual Keyboard 8.0.1.0 (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.0 - Comfort Software Group)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
Inquisit 4 Web Plugin (HKLM-x32\...\{5C106AB3-C513-45B1-8D5A-C6DDFCE706AF}) (Version: 4.0.5.0 - Millisecond Software)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
pocketwifi (HKLM-x32\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
PSPP (HKLM-x32\...\PSPP) (Version: 0.8.4 - Free Software Foundation, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.10811.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SurfEasy VPN 3.1.401 (HKLM-x32\...\SurfEasy VPN) (Version: 3.1.401 - SurfEasy Inc)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-12-2015 16:48:45 Scheduled Checkpoint
29-12-2015 16:47:33 Tweaking.com - Windows Repair
29-12-2015 18:10:05 Windows Update
29-12-2015 18:51:53 Device Driver Package Install: Avast Network Service
30-12-2015 14:15:38 JRT Pre-Junkware Removal
30-12-2015 14:16:14 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2015-12-29 17:25 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0861D7E4-4791-41AB-99F5-24E8D6F4A37B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-29] (AVAST Software)
Task: {0DF82C09-8B69-4D3F-8939-515027E351FB} - System32\Tasks\Dedketde => C:\PROGRA~1\SHOPPE~1\Shsiwb.bat
Task: {39F0989C-B2D7-442F-BF10-EF50D42F1028} - System32\Tasks\Opera scheduled Autoupdate 1449987422 => C:\Program Files (x86)\Opera\launcher.exe
Task: {49C31E8F-D1CE-46E4-9561-B3CC41C91962} - System32\Tasks\{78232B2D-515F-48A0-A5C7-4A9232ED95F9} => pcalua.exe -a G:\HTCDrivers\HTCDriverInstaller.exe -d G:\HTCDrivers
Task: {4DF498D3-9E0E-475C-B7DA-21883670BBEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C5A5D1D-D20E-43CC-B1B6-B368378BC5C8} - System32\Tasks\SafeZone scheduled Autoupdate 1451375648 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {6DC4E6B4-65E5-40E4-B609-7EB60E81E7C9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-29] (AVAST Software)
Task: {70784624-1E14-48DB-AB73-C07B6873506E} - System32\Tasks\VPNReactor => C:\Program Files (x86)\VPNReactor\VPNReactor.exe
Task: {8767DBA3-A68C-4638-8D02-5F6FA8E9F894} - System32\Tasks\{D8E31926-A991-4586-AE95-F40EAE9A01A0} => pcalua.exe -a C:\Users\User\Downloads\Nokia_PC_Suite_ALL.exe -d C:\Users\User\Downloads
Task: {8BECCAE8-8A7E-4FC9-88E0-ABA5951458F9} - System32\Tasks\{991093C2-89E5-47B0-A722-58DB69489B36} => pcalua.exe -a F:\HTCDrivers\HTCDriverInstaller.exe -d F:\HTCDrivers
Task: {AA0A879F-6D58-49B7-954B-C5DF9C1B2ADD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B7092169-DE29-438D-AD92-75BE97E65CFD} - System32\Tasks\{D19222F7-393E-46E5-817F-D657D32F3978} => pcalua.exe -a C:\Users\User\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
Task: {E4E080CD-702A-4647-AF9C-25ADFDCB7754} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {E926BD8A-57D4-4475-9927-D8416BC58781} - System32\Tasks\{CF48E146-1385-4CC2-B076-6B9B36AF1F6E} => pcalua.exe -a C:\Users\User\Downloads\ADE_2.0_Installer.exe -d C:\Users\User\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 19:17 - 2015-03-05 19:17 - 03272048 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2015-12-29 18:35 - 2015-12-29 18:35 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-30 10:15 - 2015-12-30 10:15 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15122901\algo.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-31 08:22 - 2015-12-31 08:22 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123001\algo.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-27 18:47 - 2015-12-11 14:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-27 18:47 - 2015-12-11 14:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2013-02-20 22:06 - 2012-12-06 20:12 - 00035160 _____ () C:\Program Files\HotVirtualKeyboard\hvkH.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Papogaj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-332799431-1520625345-1691349392-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_32 => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_64 => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 2
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C69E7FA8-F735-43F0-A2AD-8BC758DD2373}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2015 10:24:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 11.0.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6b4

Start Time: 01d1428f97031284

Termination Time: 0

Application Path: C:\Users\User\Downloads\RogueKiller.exe

Report Id:

Error: (12/29/2015 05:58:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/29/2015 05:58:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/29/2015 06:00:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (12/29/2015 06:00:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1072) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error: (12/29/2015 05:31:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: User-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (12/29/2015 05:31:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: User-PC)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/29/2015 05:21:13 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF

Error: (12/29/2015 04:46:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2015 04:17:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/31/2015 08:22:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Firewall service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/31/2015 08:20:01 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/30/2015 04:07:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/30/2015 04:02:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/30/2015 03:49:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/30/2015 02:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 02:07:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/30/2015 02:07:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/30/2015 02:07:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (12/30/2015 02:06:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2015-12-30 10:24:20.680
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-30 10:24:20.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-30 10:21:16.633
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-30 10:21:16.259
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-30 10:20:30.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-30 10:20:29.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 17:32:54.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 17:32:54.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 17:32:22.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 17:32:21.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 71%
Total physical RAM: 1908.56 MB
Available physical RAM: 543.02 MB
Total Virtual: 3817.13 MB
Available Virtual: 1774.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:250 GB) (Free:92.85 GB) NTFS
Drive d: () (Fixed) (Total:215.66 GB) (Free:191.75 GB) NTFS
Drive g: (HTC Sync Manager) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 45D61283)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
redtarget.gif
Uninstall following unwanted program: SpaceSoundPro Service.

redtarget.gif
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    781 bytes · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by User (2015-12-31 09:12:53) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {0DF82C09-8B69-4D3F-8939-515027E351FB} - System32\Tasks\Dedketde => C:\PROGRA~1\SHOPPE~1\Shsiwb.bat
C:\PROGRA~1\SHOPPE~1\Shsiwb.bat

*****************

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DF82C09-8B69-4D3F-8939-515027E351FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DF82C09-8B69-4D3F-8939-515027E351FB}" => key removed successfully
C:\Windows\System32\Tasks\Dedketde => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dedketde" => key removed successfully
"C:\PROGRA~1\SHOPPE~1\Shsiwb.bat" => not found.

==== End of Fixlog 09:13:08 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Hey Broni, I'm heading interstate to celebrate the NY so won't have access to my laptop until 7th January. Would you be able to extend assistance until that date? I'll complete the scans and post the logs on 7th January.

Happy new year and thank you for all your help thus far! :)

Em
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast afwServ.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 10-06-2014
Ran by User (administrator) on 31-12-2015 at 13:16:49
Running from "C:\Users\User\AppData\Local\Temp\WPDNSE\{00000352-0001-0001-0000-000000000000}"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
No viruses found when I ran Sophos. The "details" icon was faded so there's nothing to upload?
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Steps followed. I had 57 recommended Windows Update updates to install! No wonder I had such a serious attack?! Do you recommend I install the optional updates too?

My computer is good. Programs especially the internet seems to lag a little (if not more) than before...possibly due to better anti virus/malware programs at work. I think this issue is due to the age of my laptop? Sometimes when I placed my laptop on my bed with too much of a bounce the blue screen pops up. The disk checks runs and then the computer restarts with no obvious issues. I think this could be a hardware issue as previously (a few years ago) I had to replace my hard drive when I dropped my laptop and it wouldn't start.
 
Do you recommend I install the optional updates too?
Click to expand...
Yes, except for any non-MS updates like drivers. Avoid those.

Way to go!!
Good luck and stay safe :)
 
You must log in or register to reply here.

Similar threads

C
Facebook stubbornly refuses to load pictures
Replies
0
Views
1K
catc01
C
Cal Jeffrey
The MyHouse Doom 2 mod is a masterpiece of creepy map editing
Replies
4
Views
778
loki1944
L
Cal Jeffrey
Microsoft's Bing chatbot AI is susceptible to several types of "prompt injection" attacks
Replies
5
Views
678
wiyosaya
wiyosaya

Latest posts

Back