Solved Host Process for Windows Services stopped working and was closed

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2014 01
Ran by omax895 (administrator) on OMAX895-PC on 11-12-2014 00:45:41
Running from C:\Users\omax895\Downloads
Loaded Profile: omax895 (Available profiles: omax895 & Just 4U 2Use & MASTER ACCOUNT)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...EANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzA (the data entry has 281 more characters).
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\...\Run: [Yahoo! Pager] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4670704 2007-08-30] (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> {689DFC12-6FF4-4911-9254-2BA80F44FAB7} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Yahoo! IE Suggest -> {5A263CF7-56A6-4D68-A8CF-345BE45BC911} -> C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179

FireFox:
========
FF ProfilePath: C:\Users\omax895\AppData\Roaming\Mozilla\Firefox\Profiles\393famyn.default-1404684719354
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\omax895\AppData\Roaming\Mozilla\Firefox\Profiles\393famyn.default-1404684719354\searchplugins\cuil.xml
FF SearchPlugin: C:\Users\omax895\AppData\Roaming\Mozilla\Firefox\Profiles\393famyn.default-1404684719354\searchplugins\torrents-search.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-22]
 
Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S4 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [601600 2010-11-04] (Microsoft Corporation) [File not signed]
S4 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [40960 2006-07-20] () [File not signed]
S4 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S4 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [77824 2006-11-01] (TOSHIBA CORPORATION) [File not signed]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACEDRV06; C:\Windows\system32\drivers\ACEDRV06.sys [99840 2007-05-15] (Protect Software GmbH) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2012-06-02] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R2 MCSTRM; C:\Windows\system32\Drivers\MCSTRM.sys [8413 2007-06-24] (RealNetworks, Inc.) [File not signed]
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2007-10-11] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [22120 2012-11-29] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [49808 2012-11-29] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [27792 2012-11-29] (Realtek Corporation)
S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [94584 2011-09-29] (GFI Software)
S3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [94584 2011-09-29] (GFI Software)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24456 2007-08-10] ()
S3 SWMX00; C:\Windows\System32\DRIVERS\swmx00.sys [73856 2007-06-27] (Sierra Wireless Inc.) [File not signed]
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [101248 2007-06-27] (Sierra Wireless Inc.) [File not signed]
S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [49808 2012-11-29] (Realtek Corporation)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [27792 2012-11-29] (Realtek Corporation)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [186592 2009-01-03] (Jungo) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40960 2006-10-28] (TOSHIBA CORPORATION)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 00:45 - 2014-12-11 00:47 - 00017273 _____ () C:\Users\omax895\Downloads\FRST.txt
2014-12-11 00:43 - 2014-12-11 00:45 - 00000000 ____D () C:\FRST
2014-12-11 00:42 - 2014-12-11 00:42 - 01111040 _____ (Farbar) C:\Users\omax895\Downloads\FRST.exe
2014-12-11 00:36 - 2014-12-11 00:36 - 00000783 _____ () C:\Users\omax895\Desktop\JRT.txt
2014-12-11 00:28 - 2014-12-11 00:28 - 01707646 _____ (Thisisu) C:\Users\omax895\Downloads\JRT.exe
2014-12-10 23:35 - 2014-12-10 23:35 - 02166272 _____ () C:\Users\omax895\Downloads\adwcleaner_4.105.exe
2014-12-10 23:21 - 2014-12-10 23:21 - 00015517 _____ () C:\ComboFix.txt
2014-12-09 21:15 - 2014-12-09 21:16 - 15201368 _____ () C:\Users\omax895\Downloads\RogueKiller.exe
2014-12-09 21:14 - 2014-12-09 21:14 - 15201368 _____ () C:\Users\omax895\Downloads\RogueKiller.exe.part
2014-12-08 23:47 - 2014-12-08 23:47 - 00008321 _____ () C:\Users\omax895\Desktop\attach.txt
2014-12-08 23:47 - 2014-12-08 23:45 - 00014565 _____ () C:\Users\omax895\Desktop\dds.txt
2014-12-08 23:39 - 2014-12-08 23:39 - 00688992 ____R (Swearware) C:\Users\omax895\Downloads\dds.com
2014-12-08 22:44 - 2014-12-08 22:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-08 21:05 - 2014-12-08 21:05 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 21:05 - 2014-12-08 21:05 - 00000910 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 21:05 - 2014-12-08 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 21:04 - 2014-12-08 21:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 21:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 21:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 21:01 - 2014-12-08 21:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\omax895\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 20:24 - 2014-12-05 20:24 - 00000853 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-05 20:24 - 2014-12-05 20:24 - 00000853 _____ () C:\ProgramData\Desktop\AVG 2015.lnk
2014-12-05 20:24 - 2014-12-05 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-05 20:16 - 2014-12-05 20:16 - 04637504 _____ (AVG Technologies) C:\Users\omax895\Downloads\avg_free_stb_all_2015_5557_cnet(1).exe
2014-12-05 18:44 - 2014-12-05 18:44 - 11447608 _____ (Microsoft Corporation) C:\Users\omax895\Downloads\mseinstall.exe
2014-12-04 22:37 - 2014-12-04 22:37 - 00015874 _____ () C:\FixitRegBackup.reg
2014-12-04 22:32 - 2014-12-04 22:32 - 00899584 _____ () C:\Users\omax895\Downloads\MicrosoftFixit50535.msi
2014-12-04 10:45 - 2014-12-04 10:45 - 00000000 ____D () C:\Program Files\ESET
2014-12-03 20:16 - 2014-12-03 20:16 - 04637504 _____ (AVG Technologies) C:\Users\omax895\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-03 19:13 - 2014-12-03 19:13 - 00448512 _____ (OldTimer Tools) C:\Users\omax895\Downloads\TFC.exe
2014-12-03 19:08 - 2014-12-03 19:09 - 00002647 _____ () C:\Users\omax895\Downloads\FSS.txt
2014-12-03 18:49 - 2014-12-05 08:04 - 00068994 _____ () C:\Users\omax895\Downloads\OTL.Txt
2014-12-03 18:49 - 2014-12-03 18:49 - 00058058 _____ () C:\Users\omax895\Downloads\Extras.Txt
2014-12-03 18:03 - 2014-12-03 18:03 - 00000000 ____D () C:\Windows\ERUNT
2014-12-03 17:28 - 2014-12-11 00:02 - 00000000 ____D () C:\AdwCleaner
2014-12-03 15:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-03 15:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-03 15:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-03 15:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-03 15:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-03 15:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-03 15:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-03 15:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-03 15:11 - 2014-12-11 00:32 - 00000000 ____D () C:\Users\omax895\AppData\Local\CrashDumps
2014-12-03 14:36 - 2014-12-10 23:21 - 00000000 ____D () C:\Qoobox
2014-12-03 14:33 - 2014-12-10 23:08 - 00000000 ____D () C:\Windows\erdnt
2014-12-03 14:24 - 2014-12-10 01:05 - 05601243 ____R (Swearware) C:\Users\omax895\Downloads\ComboFix.exe
2014-12-03 10:56 - 2014-12-08 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-03 10:55 - 2014-12-11 00:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 10:55 - 2014-12-10 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-03 10:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-03 10:53 - 2014-12-10 00:41 - 00000000 ____D () C:\Users\omax895\Desktop\mbar
2014-12-03 09:39 - 2014-12-09 21:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-03 09:38 - 2014-12-03 09:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-25 23:09 - 2014-11-25 23:09 - 00000000 ____D () C:\Users\omax895\AppData\Local\Bluestacks
2014-11-21 08:13 - 2014-11-21 08:13 - 06391760 _____ (YL Computing, Inc ) C:\Users\omax895\Downloads\wufinstall.exe
2014-11-18 22:53 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 10:08 - 2014-10-27 14:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 10:08 - 2014-10-27 14:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 10:08 - 2014-10-27 14:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 10:08 - 2014-10-27 13:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 10:08 - 2014-10-27 13:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 10:08 - 2014-10-27 13:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 10:08 - 2014-10-27 13:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 10:08 - 2014-10-27 13:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 10:08 - 2014-10-27 13:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 10:08 - 2014-10-27 13:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 10:08 - 2014-10-27 13:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 10:08 - 2014-10-27 13:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 10:08 - 2014-10-27 13:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 10:08 - 2014-10-27 13:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 10:08 - 2014-10-27 13:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 10:08 - 2014-10-27 13:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 10:08 - 2014-10-27 13:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 10:08 - 2014-10-27 13:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 10:08 - 2014-10-27 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 10:08 - 2014-10-27 13:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 10:08 - 2014-10-27 13:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:24 - 2014-10-09 20:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 14:24 - 2014-10-09 20:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 14:24 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 14:24 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 14:18 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 14:17 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 14:16 - 2014-09-18 19:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 14:15 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 14:09 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:38 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:38 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:38 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:38 - 2014-10-02 20:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:38 - 2014-10-02 20:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:09 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 00:15 - 2007-01-03 21:53 - 01669861 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 00:10 - 2006-11-02 08:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-11 00:10 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 00:05 - 2006-11-02 07:47 - 00003296 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-11 00:05 - 2006-11-02 07:47 - 00003296 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-11 00:04 - 2014-07-02 06:18 - 00040866 _____ () C:\Windows\PFRO.log
2014-12-10 23:33 - 2013-08-09 12:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-10 23:08 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-10 22:18 - 2014-10-23 19:38 - 00000000 ____D () C:\Users\omax895\AppData\Roaming\Skype
2014-12-09 18:11 - 2010-09-12 16:44 - 00000000 _____ () C:\Users\omax895\AppData\Local\prvlcl.dat
2014-12-09 07:13 - 2012-05-08 16:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 12:17 - 2014-10-25 15:26 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-06 12:17 - 2014-10-25 15:25 - 00000000 ___RD () C:\Program Files\Skype
2014-12-06 12:17 - 2009-10-21 19:17 - 00000000 ____D () C:\Program Files\AVG
2014-12-06 12:16 - 2014-10-24 10:22 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-06 12:16 - 2013-04-12 14:16 - 00000000 ____D () C:\Users\omax895\AppData\Local\SkypeWebPlugin
2014-12-06 12:16 - 2010-08-24 09:50 - 00000000 ____D () C:\Users\omax895\{7d551889-f57d-4a83-ae62-7758b69c3f9a}
2014-12-06 12:16 - 2010-06-19 19:30 - 00000000 ____D () C:\Users\omax895\AppData\Roaming\SystemRequirementsLab
2014-12-06 12:16 - 2009-10-06 07:18 - 00000000 __RSD () C:\Users\omax895\Documents\My Stationery
2014-12-06 12:16 - 2008-06-13 18:21 - 00000000 ____D () C:\Users\omax895\Documents\My Albums
2014-12-06 12:16 - 2007-01-30 22:06 - 00000000 ___RD () C:\Users\omax895\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-06 12:16 - 2007-01-30 22:06 - 00000000 ___RD () C:\Users\omax895\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-06 12:16 - 2007-01-30 22:06 - 00000000 ____D () C:\Users\omax895
2014-12-06 12:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-06 12:16 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-12-05 20:23 - 2010-07-21 13:06 - 00000000 ____D () C:\$AVG
2014-12-05 20:12 - 2011-01-25 17:57 - 00002150 _____ () C:\Windows\epplauncher.mif
2014-12-05 11:55 - 2014-04-15 16:00 - 00006158 _____ () C:\Users\omax895\Desktop\Rkill.txt
2014-12-04 16:01 - 2011-10-28 11:08 - 00000680 _____ () C:\Users\omax895\AppData\Local\d3d9caps.dat
2014-12-03 16:13 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2014-12-03 16:13 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-12-03 15:43 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system
2014-12-03 15:37 - 2009-10-21 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-03 15:13 - 2013-03-26 09:03 - 00000000 ____D () C:\ProgramData\Skype
2014-12-03 14:56 - 2014-10-24 10:15 - 00000000 ____D () C:\Users\omax895\AppData\Local\Avg2015
2014-11-24 14:04 - 2009-10-02 21:51 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 08:29 - 2014-07-02 23:02 - 00000000 ____D () C:\Program Files\WinUtilities
2014-11-21 08:15 - 2014-07-02 23:03 - 00000836 _____ () C:\Users\Public\Desktop\WinUtilities.lnk
2014-11-21 08:15 - 2014-07-02 23:03 - 00000836 _____ () C:\ProgramData\Desktop\WinUtilities.lnk
2014-11-21 08:15 - 2014-07-02 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities
2014-11-14 22:44 - 2006-11-02 05:33 - 00769170 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 21:57 - 2012-04-09 12:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 06:47 - 2014-06-21 21:37 - 00000000 ____D () C:\Users\omax895\AppData\Local\Adobe
2014-11-14 06:46 - 2012-04-09 12:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-14 06:46 - 2011-05-18 07:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 15:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 15:10 - 2006-11-02 07:47 - 00351120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:23 - 2006-11-30 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 13:37 - 2013-07-11 15:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 13:12 - 2006-11-02 05:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Windows\Tasks\{83A29F52-EDF9-403C-91D2-4E8B270AC5F9}.job


Some content of TEMP:
====================
C:\Users\omax895\AppData\Local\temp\Quarantine.exe
C:\Users\omax895\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-11 00:15

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2014 01
Ran by omax895 at 2014-12-11 00:48:03
Running from C:\Users\omax895\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\...\Akamai) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.204 - AVG) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.00.10(T) - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.02 - TOSHIBA)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Dialer (HKLM\...\Desktop Dialer) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Firebird SQL Server - MAGIX Edition (US) (HKLM\...\Firebird SQL Server US) (Version: 2.0.0.1 - MAGIX AG)
Google Video Player (HKLM\...\GoogleVideoPlayer) (Version: - )
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.2 - HP)
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Internet Offers (HKLM\...\Internet Offers from Toshiba) (Version: 6.2 - PeoplePC, Inc.)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - )
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version: - )
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Majestic Chess (HKLM\...\{A25DAEDA-5558-4E1D-931A-5D57053FDFED}) (Version: 1.00.0000 - ValuSoft)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.243.1025.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.3 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Rhapsody (HKLM\...\Rhapsody) (Version: - )
Rhapsody Player Engine (HKLM\...\{8A62A068-3FD6-495A-9F66-26FE94F32EC9}) (Version: 1.0.690 - RealNetworks)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}) (Version: 1.23.0000 - Texas Instruments Inc.)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TIPCI (Version: 1.23.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.00.00 - )
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 7.00.21 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.0a - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.00.00 - TOSHIBA Corporation)
TOSHIBA Game Console (HKLM\...\TOSHIBA Game Console) (Version: - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.45.50.8C - TOSHIBA)
TOSHIBA Media Center Game Console (HKLM\...\TOSHIBA Media Center Game Console) (Version: - WildTangent)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.6 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.0 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.45.50.5C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.7 - TOSHIBA Corporation)
TSP_CODEC (HKLM\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Utility Common Driver (Version: 0.0.50.4C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinDVD for TOSHIBA (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B6.107 - InterVideo Inc.)
WinDVD for TOSHIBA (Version: 8.0-B6.107 - InterVideo Inc.) Hidden
WinUtilities Free Edition 11.26 (HKLM\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.26 - YL Computing, Inc)
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version: - )
Yahoo! IE Search Suggest (HKLM\...\Yahoo! IE Suggest) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - )
Yahoo! Music Jukebox (HKLM\...\Yahoo! Music Engine) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> blank No File

==================== Restore Points =========================

26-11-2014 14:11:59 Windows Update
30-11-2014 13:12:09 Windows Update
03-12-2014 17:17:31 Malwarebytes Anti-Rootkit Restore Point
03-12-2014 19:49:56 Removed AVG 2015
03-12-2014 19:55:08 Removed AVG 2015
04-12-2014 01:20:06 Installed AVG 2015
04-12-2014 01:22:08 Installed AVG 2015
04-12-2014 12:32:49 Windows Update
05-12-2014 03:34:46 Installed Microsoft Fix it 50535
05-12-2014 20:30:33 Removed AVG 2015
05-12-2014 20:33:50 Removed AVG 2015
05-12-2014 23:39:54 Installed Microsoft Fix it 50535
06-12-2014 01:20:15 Installed AVG 2015
06-12-2014 01:21:46 Installed AVG 2015
06-12-2014 16:42:51 Restore Operation
06-12-2014 17:03:42 Restore Operation
09-12-2014 12:52:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-12-10 23:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14E1BA17-4536-428C-AF4F-4147D5757820} - \RegCure Program Check No Task File <==== ATTENTION
Task: {383C27A9-5CB8-4CB0-8400-D1F884EC21F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {39D155B4-60FB-481B-A280-561E335E41F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53DD181E-4100-4523-9D34-1E8DC70FB1E7} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {96FD20C6-5C1D-4D78-9FD8-4B83235B684D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {975E0190-D33F-41F1-BA81-DD2132BEBFFE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {98490739-2886-45BA-A4CB-511786173BC9} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {CADEA935-D8A1-4905-B4F2-3B820DF4CB39} - \RegCure Startup No Task File <==== ATTENTION
Task: {E5B3E746-10F8-4677-BCC5-EBA87F8196C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {E78CDF4F-E214-4A46-9E96-B3BA963A652D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {F70BDDA0-291A-4E41-BF7E-C7617F1DDDDB} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {FBA0F7AF-D1EE-4CA2-AE39-95674B1F5535} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {FBA469E7-C0D6-4DF0-A860-0C02ED0AD1F5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-22] (Lavasoft Limited )
Task: {FFE72A17-BE3C-4187-A6FC-622B16C34D6C} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0CDBB7B2-09C7-41D6-8415-7785FAE83B49}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\{83A29F52-EDF9-403C-91D2-4E8B270AC5F9}.job => c:\program files\internet explorer\iexplore.exe

==================== Loaded Modules (whitelisted) =============

2006-08-10 18:00 - 2006-08-10 18:00 - 00094208 ____N () C:\Windows\System32\TosBtHcrpAPI.dll
2014-12-08 22:45 - 2014-12-08 22:46 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-14 06:46 - 2014-11-14 06:46 - 16840880 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Ad-Aware Service => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: avg9emc => 2
MSCONFIG\Services: avg9wd => 2
MSCONFIG\Services: CFSvcs => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Giraffic => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LVPrcSrv => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Swupdtmr => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\Services: vToolbarUpdater18.1.7 => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PINGER => C:\TOSHIBA\IVP\ISM\pinger.exe /run
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

========================= Accounts: ==========================

Administrator (S-1-5-21-4210009009-1510551338-2517258027-500 - Administrator - Disabled)
Guest (S-1-5-21-4210009009-1510551338-2517258027-501 - Limited - Disabled)
Just 4U 2Use (S-1-5-21-4210009009-1510551338-2517258027-1001 - Limited - Enabled) => C:\Users\Just 4U 2Use
MASTER ACCOUNT (S-1-5-21-4210009009-1510551338-2517258027-1004 - Administrator - Enabled) => C:\Users\MASTER ACCOUNT
omax895 (S-1-5-21-4210009009-1510551338-2517258027-1000 - Administrator - Enabled) => C:\Users\omax895

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-11 00:47:45.304
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:44.859
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:44.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:43.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:43.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:42.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:42.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:47:41.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:46:52.108
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-11 00:46:51.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 1013.38 MB
Available physical RAM: 87.88 MB
Total Pagefile: 2285.07 MB
Available Pagefile: 783.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.38 MB

==================== Drives ================================

Drive c: (SQ004242V05) (Fixed) (Total:147.58 GB) (Free:85.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 6BBA44A8)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=147.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
At #22, where you wanted me to open Windows Explorer, I am not finding anything similar to what you have outlined/mentioned. When I right-click on Windows Explorer and go into Properties, I click the "General" tab and there is a section titled "Attributes" with two boxes that are unchecked, one is read-only and the other is hidden, along with a button entitled "Advance". Is that the box that I am supposed to check [hidden], then apply?
When I click Windows Explorer from the Start menu it keeps taking me to Documents, and there is no option entitled "Tools".
So, should I go ahead and download "SystemLook" instead?
 
Thank you for your patience.
I went through the Control Panel to "Appearance and Personalization", accessed "Folder Options" and clicked on "Show hidden files and folders", and the Folder Options box popped up with three tab options: "General - View - Search". I clicked "View"; in the Advanced window section both of those two options you wanted me to check ("put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.") were already checked and UN-checked. So I will go ahead and do the "Virustotal scan" and post any results.

SHA256: 42b10a6ae9d197dd4c7b2177be27d5a94e06e310443f4e79e0a49a837dba8f5b
File name: schedsvc.dll
Detection ratio: 0 / 56
Analysis date: 2014-12-11 17:24:13 UTC ( 0 minutes ago )



SystemLook 30.07.11 by jpshortstuff
Log created at 12:35 on 11/12/2014 by omax895
Administrator - Elevation successful

========== filefind ==========

Searching for "schedsvc.dll"
C:\Windows\System32\schedsvc.dll --a---- 601600 bytes [00:08 15/12/2010] [18:55 04/11/2010] DAD7170229AC031D111E444275D522A5
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16386_none_2cca5c959a1767e4\schedsvc.dll --a---- 595456 bytes [08:41 02/11/2006] [09:46 02/11/2006] 5C72614E6625D39CC1504BF078FDC4CA
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll --a---- 595456 bytes [13:39 14/02/2008] [13:39 14/02/2008] 886CEC884B5BE29AB9828B8AB46B11F7
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll --a---- 595968 bytes [13:39 14/02/2008] [13:39 14/02/2008] BF17DA9F25A4F84C2577AC13EE126CB7
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll --a---- 596992 bytes [15:00 13/04/2008] [07:36 19/01/2008] 1D5E99DB3C10F4FA034010DC49043CA4
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll --a---- 603648 bytes [00:08 15/12/2010] [11:09 06/11/2010] 7B587B8A6D4A99F79D2902D0385F29BD
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll --a---- 604672 bytes [00:08 15/12/2010] [23:55 05/11/2010] 4B71C228530440F853F9C30E308F00E9
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll --a---- 595456 bytes [01:27 17/09/2009] [06:28 11/04/2009] 323AE0BDFD2EB15B668DDA50CC597329
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll --a---- 601600 bytes [00:08 15/12/2010] [18:55 04/11/2010] DAD7170229AC031D111E444275D522A5
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll --a---- 602112 bytes [00:08 15/12/2010] [00:43 05/11/2010] 38AE0400578FD396628F21A571473A3B

-= EOF =-
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.8 KB
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-12-2014 01
Ran by omax895 at 2014-12-11 19:35:54 Run:1
Running from C:\Users\omax895\Downloads
Loaded Profile: omax895 (Available profiles: omax895 & Just 4U 2Use & MASTER ACCOUNT)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
C:\Windows\Tasks\{83A29F52-EDF9-403C-91D2-4E8B270AC5F9}.job
C:\Users\omax895\AppData\Local\temp\Quarantine.exe
C:\Users\omax895\AppData\Local\temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> blank No File
CustomCLSID: HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> blank No File
Task: {14E1BA17-4536-428C-AF4F-4147D5757820} - \RegCure Program Check No Task File <==== ATTENTION
Task: {53DD181E-4100-4523-9D34-1E8DC70FB1E7} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File <==== ATTENTION
Task: {96FD20C6-5C1D-4D78-9FD8-4B83235B684D} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {CADEA935-D8A1-4905-B4F2-3B820DF4CB39} - \RegCure Startup No Task File <==== ATTENTION
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2012-06-02] ()
C:\Program Files\Lavasoft
Task: {98490739-2886-45BA-A4CB-511786173BC9} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {FBA469E7-C0D6-4DF0-A860-0C02ED0AD1F5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-22] (Lavasoft Limited )
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

*****************

"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Local Page => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
"HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}" => Key not found.
MsMpSvc => Service deleted successfully.
blbdrive => Service deleted successfully.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Windows\Tasks\{83A29F52-EDF9-403C-91D2-4E8B270AC5F9}.job => Moved successfully.
C:\Users\omax895\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\omax895\AppData\Local\temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-4210009009-1510551338-2517258027-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14E1BA17-4536-428C-AF4F-4147D5757820}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14E1BA17-4536-428C-AF4F-4147D5757820}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Program Check" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DD181E-4100-4523-9D34-1E8DC70FB1E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DD181E-4100-4523-9D34-1E8DC70FB1E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Signature Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96FD20C6-5C1D-4D78-9FD8-4B83235B684D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96FD20C6-5C1D-4D78-9FD8-4B83235B684D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CADEA935-D8A1-4905-B4F2-3B820DF4CB39}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CADEA935-D8A1-4905-B4F2-3B820DF4CB39}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Startup" => Key deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
C:\Program Files\Lavasoft => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98490739-2886-45BA-A4CB-511786173BC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98490739-2886-45BA-A4CB-511786173BC9}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBA469E7-C0D6-4DF0-A860-0C02ED0AD1F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBA469E7-C0D6-4DF0-A860-0C02ED0AD1F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC TuneUp 2014 (en-US)
Java 7 Update 65
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.223 Flash Player out of Date!
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 21-07-2014
Ran by omax895 (administrator) on 11-12-2014 at 20:55:08
Running from "C:\Users\omax895\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 
2014-12-12 02:17:43.324 Sophos Virus Removal Tool version 2.5.4
2014-12-12 02:17:43.324 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2014-12-12 02:17:43.325 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-12-12 02:17:43.325 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2014-12-12 02:17:43.328 Checking for updates...
2014-12-12 02:17:52.032 Update progress: proxy server not available
2014-12-12 02:18:38.762 Option all = no
2014-12-12 02:18:38.763 Option recurse = yes
2014-12-12 02:18:38.763 Option archive = no
2014-12-12 02:18:38.763 Option service = yes
2014-12-12 02:18:38.763 Option confirm = yes
2014-12-12 02:18:38.763 Option sxl = yes
2014-12-12 02:18:38.766 Option max-data-age = 35
2014-12-12 02:18:38.766 Option EnableSafeClean = yes
2014-12-12 02:18:41.657 Option vdl-logging = yes
2014-12-12 02:18:41.745 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-12 02:18:41.745 Machine ID: ff73c4418a4c46299578d5caf3840f6a
2014-12-12 02:18:44.202 Component SVRTcli.exe version 2.5.4
2014-12-12 02:18:44.203 Component control.dll version 2.5.4
2014-12-12 02:18:44.203 Component SVRTservice.exe version 2.5.4
2014-12-12 02:18:44.205 Component engine\osdp.dll version 1.44.1.2183
2014-12-12 02:18:44.206 Component engine\veex.dll version 3.58.3.2183
2014-12-12 02:18:44.207 Component engine\savi.dll version 8.1.5.2183
2014-12-12 02:18:45.494 Component rkdisk.dll version 1.5.30.0
2014-12-12 02:18:45.515 Version info: Product version 2.5.4
2014-12-12 02:18:45.515 Version info: Detection engine 3.58.3
2014-12-12 02:18:45.515 Version info: Detection data 5.08
2014-12-12 02:18:45.515 Version info: Build date 11/11/2014
2014-12-12 02:18:45.515 Version info: Data files added 377
2014-12-12 02:18:45.515 Version info: Last successful update (not yet updated)
2014-12-12 02:19:19.930 Downloading updates...
2014-12-12 02:19:19.942 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-12-12 02:19:19.943 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-12-12 02:19:19.943 Update progress: [I49502] Found supplement IDE509 LATEST
2014-12-12 02:19:19.943 Update progress: [I49502] Found supplement IDE510 LATEST
2014-12-12 02:19:19.943 Update progress: [I49502] Found supplement IDE511 LATEST
2014-12-12 02:19:19.943 Update progress: [I49502] Found supplement IDE512 LATEST
2014-12-12 02:19:19.943 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-12-12 02:19:19.943 Update progress: [I19463] Syncing product SAVIW32 48
2014-12-12 02:19:49.784 Update progress: [I19463] Syncing product IDE509 177
2014-12-12 02:19:58.657 Installing updates...
2014-12-12 02:20:02.941 Error level 1
2014-12-12 02:20:04.045 Update progress: [I19463] Syncing product IDE510 179
2014-12-12 02:20:04.045 Update progress: [I19463] Syncing product IDE511 24
2014-12-12 02:20:04.046 Update progress: [I19463] Syncing product IDE512 1
2014-12-12 02:22:05.775 Update successful
2014-12-12 02:22:27.949 Option all = no
2014-12-12 02:22:27.949 Option recurse = yes
2014-12-12 02:22:27.949 Option archive = no
2014-12-12 02:22:27.949 Option service = yes
2014-12-12 02:22:27.949 Option confirm = yes
2014-12-12 02:22:27.949 Option sxl = yes
2014-12-12 02:22:27.952 Option max-data-age = 35
2014-12-12 02:22:27.952 Option EnableSafeClean = yes
2014-12-12 02:22:28.334 Option vdl-logging = yes
2014-12-12 02:22:28.448 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-12 02:22:28.448 Machine ID: ff73c4418a4c46299578d5caf3840f6a
2014-12-12 02:22:28.507 Component SVRTcli.exe version 2.5.4
2014-12-12 02:22:28.508 Component control.dll version 2.5.4
2014-12-12 02:22:28.508 Component SVRTservice.exe version 2.5.4
2014-12-12 02:22:28.509 Component engine\osdp.dll version 1.44.1.2183
2014-12-12 02:22:28.510 Component engine\veex.dll version 3.58.3.2183
2014-12-12 02:22:28.510 Component engine\savi.dll version 8.1.5.2183
2014-12-12 02:22:28.523 Component rkdisk.dll version 1.5.30.0
2014-12-12 02:22:28.523 Version info: Product version 2.5.4
2014-12-12 02:22:28.525 Version info: Detection engine 3.58.3
2014-12-12 02:22:28.525 Version info: Detection data 5.08G
2014-12-12 02:22:28.525 Version info: Build date 11/11/2014
2014-12-12 02:22:28.525 Version info: Data files added 377
2014-12-12 02:22:28.525 Version info: Last successful update 12/11/2014 9:22:05 PM

2014-12-12 05:31:50.541 Could not open C:\pagefile.sys
2014-12-12 05:50:03.788 >>> Virus 'Mal/FakeAvCn-C' found in file C:\ProgramData\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 05:50:03.836 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 05:50:03.836 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 05:50:03.837 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 05:54:38.744 Could not open C:\System Volume Information\{2131799d-80f3-11e4-86a5-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.746 Could not open C:\System Volume Information\{29cfa7bb-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.748 Could not open C:\System Volume Information\{29cfa7c2-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.750 Could not open C:\System Volume Information\{29cfa7d1-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.801 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.803 Could not open C:\System Volume Information\{54eace53-7b11-11e4-9426-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.805 Could not open C:\System Volume Information\{54eace65-7b11-11e4-9426-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.807 Could not open C:\System Volume Information\{5de11801-8140-11e4-a5d0-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.809 Could not open C:\System Volume Information\{7768e939-7bad-11e4-ba38-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.811 Could not open C:\System Volume Information\{a545c47f-7ce1-11e4-ae92-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.813 Could not open C:\System Volume Information\{a545c483-7ce1-11e4-ae92-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.814 Could not open C:\System Volume Information\{aa5d1902-7ae0-11e4-ac05-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.816 Could not open C:\System Volume Information\{c00117a5-7f9c-11e4-bdde-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.820 Could not open C:\System Volume Information\{c85e00ce-7b4c-11e4-8d45-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.822 Could not open C:\System Volume Information\{c85e00d2-7b4c-11e4-8d45-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.824 Could not open C:\System Volume Information\{cbb3684a-7d63-11e4-8571-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.826 Could not open C:\System Volume Information\{e5a5db11-7d68-11e4-b743-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:54:38.828 Could not open C:\System Volume Information\{fbe059fb-7bf7-11e4-83c7-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 05:57:44.159 >>> Virus 'Mal/FakeAvCn-C' found in file C:\Users\omax895\AppData\Local\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 05:57:44.159 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 05:57:44.193 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 05:57:44.193 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 06:03:49.407 >>> Virus 'Mal/FakeAvCn-C' found in file C:\Users\omax895\AppData\Roaming\Microsoft\Windows\Templates\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 06:03:49.407 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 06:03:49.407 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 06:03:49.408 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 06:16:58.733 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-12-12 06:16:58.761 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-12-12 06:17:11.457 Could not open C:\Windows\System32\config\components
2014-12-12 06:17:11.697 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2014-12-12 06:17:11.701 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-12-12 06:17:11.715 Could not open C:\Windows\System32\config\RegBack\SAM
2014-12-12 06:17:11.719 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-12-12 06:17:11.722 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-12-12 06:17:11.725 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-12-12 06:57:56.526 Could not check C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\VIAAGP.SYS (virus scan failed)
2014-12-12 08:58:13.497 Warning: failed to stop service (230: The pipe state is invalid.)
2014-12-12 08:58:15.721 Error: scan service had to be terminated
 
"NOTICE" !!
I reran the "Sophos Virus Removal Scan" a second time, and this time the "Start Cleanup" button showed up,
so I include the "LOG" from that scan.


2014-12-12 12:14:36.476 Scan completed.
2014-12-12 12:14:36.476

------------------------------------------------------------

2014-12-12 12:56:45.482 Sophos Virus Removal Tool version 2.5.4
2014-12-12 12:56:45.482 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2014-12-12 12:56:45.482 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-12-12 12:56:45.482 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
2014-12-12 12:56:45.482 Checking for updates...
2014-12-12 12:56:49.789 Update progress: proxy server not available
2014-12-12 12:57:58.308 Option all = no
2014-12-12 12:57:58.308 Option recurse = yes
2014-12-12 12:57:58.308 Option archive = no
2014-12-12 12:57:58.308 Option service = yes
2014-12-12 12:57:58.308 Option confirm = yes
2014-12-12 12:57:58.308 Option sxl = yes
2014-12-12 12:57:58.308 Option max-data-age = 35
2014-12-12 12:57:58.308 Option EnableSafeClean = yes
2014-12-12 12:57:58.418 Option vdl-logging = yes
2014-12-12 12:57:58.496 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-12 12:57:58.496 Machine ID: ff73c4418a4c46299578d5caf3840f6a
2014-12-12 12:57:58.589 Component SVRTcli.exe version 2.5.4
2014-12-12 12:57:58.589 Component control.dll version 2.5.4
2014-12-12 12:57:58.589 Component SVRTservice.exe version 2.5.4
2014-12-12 12:57:58.589 Component engine\osdp.dll version 1.44.1.2183
2014-12-12 12:57:58.589 Component engine\veex.dll version 3.58.3.2183
2014-12-12 12:57:58.589 Component engine\savi.dll version 8.1.5.2183
2014-12-12 12:57:58.620 Component rkdisk.dll version 1.5.30.0
2014-12-12 12:57:58.620 Version info: Product version 2.5.4
2014-12-12 12:57:58.620 Version info: Detection engine 3.58.3
2014-12-12 12:57:58.620 Version info: Detection data 5.08G
2014-12-12 12:57:58.620 Version info: Build date 11/11/2014
2014-12-12 12:57:58.620 Version info: Data files added 377
2014-12-12 12:57:58.620 Version info: Last successful update 12/11/2014 9:22:05 PM
2014-12-12 12:58:29.852 Downloading updates...
2014-12-12 12:58:29.868 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-12-12 12:58:29.868 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-12-12 12:58:29.868 Update progress: [I49502] Found supplement IDE509 LATEST
2014-12-12 12:58:29.868 Update progress: [I49502] Found supplement IDE510 LATEST
2014-12-12 12:58:29.868 Update progress: [I49502] Found supplement IDE511 LATEST
2014-12-12 12:58:29.868 Update progress: [I49502] Found supplement IDE512 LATEST
2014-12-12 12:58:29.868 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-12-12 12:58:29.868 Update progress: [I19463] Syncing product SAVIW32 48
2014-12-12 12:58:29.868 Update progress: [I19463] Syncing product IDE509 177
2014-12-12 12:58:34.829 Update progress: [I19463] Syncing product IDE510 179
2014-12-12 12:58:34.829 Update progress: [I19463] Syncing product IDE511 26
2014-12-12 12:58:35.081 Installing updates...
2014-12-12 12:58:36.594 Error level 1
2014-12-12 12:58:37.218 Update progress: [I19463] Syncing product IDE512 1
2014-12-12 12:58:37.374 Update successful
2014-12-12 12:58:53.903 Option all = no
2014-12-12 12:58:53.903 Option recurse = yes
2014-12-12 12:58:53.903 Option archive = no
2014-12-12 12:58:53.903 Option service = yes
2014-12-12 12:58:53.903 Option confirm = yes
2014-12-12 12:58:53.903 Option sxl = yes
2014-12-12 12:58:53.903 Option max-data-age = 35
2014-12-12 12:58:53.903 Option EnableSafeClean = yes
2014-12-12 12:58:54.012 Option vdl-logging = yes
2014-12-12 12:58:54.028 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2014-12-12 12:58:54.028 Machine ID: ff73c4418a4c46299578d5caf3840f6a
2014-12-12 12:58:54.028 Component SVRTcli.exe version 2.5.4
2014-12-12 12:58:54.028 Component control.dll version 2.5.4
2014-12-12 12:58:54.028 Component SVRTservice.exe version 2.5.4
2014-12-12 12:58:54.028 Component engine\osdp.dll version 1.44.1.2183
2014-12-12 12:58:54.028 Component engine\veex.dll version 3.58.3.2183
2014-12-12 12:58:54.043 Component engine\savi.dll version 8.1.5.2183
2014-12-12 12:58:54.043 Component rkdisk.dll version 1.5.30.0
2014-12-12 12:58:54.043 Version info: Product version 2.5.4
2014-12-12 12:58:54.043 Version info: Detection engine 3.58.3
2014-12-12 12:58:54.043 Version info: Detection data 5.08G
2014-12-12 12:58:54.043 Version info: Build date 11/11/2014
2014-12-12 12:58:54.043 Version info: Data files added 379
2014-12-12 12:58:54.043 Version info: Last successful update 12/12/2014 7:58:37 AM

2014-12-12 14:27:20.712 Could not open C:\Boot\BCD
2014-12-12 14:28:10.490 Could not open C:\pagefile.sys
2014-12-12 14:39:00.110 >>> Virus 'Mal/FakeAvCn-C' found in file C:\ProgramData\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 14:39:00.175 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:39:00.175 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 14:39:00.175 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:41:48.087 Could not open C:\System Volume Information\{2131799d-80f3-11e4-86a5-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.089 Could not open C:\System Volume Information\{29cfa7bb-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.091 Could not open C:\System Volume Information\{29cfa7c2-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.093 Could not open C:\System Volume Information\{29cfa7d1-7ca5-11e4-8cd4-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.109 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.125 Could not open C:\System Volume Information\{54eace53-7b11-11e4-9426-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.125 Could not open C:\System Volume Information\{54eace65-7b11-11e4-9426-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.125 Could not open C:\System Volume Information\{5de11801-8140-11e4-a5d0-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.125 Could not open C:\System Volume Information\{7768e939-7bad-11e4-ba38-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.126 Could not open C:\System Volume Information\{a545c47f-7ce1-11e4-ae92-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.126 Could not open C:\System Volume Information\{a545c483-7ce1-11e4-ae92-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.126 Could not open C:\System Volume Information\{aa5d1902-7ae0-11e4-ac05-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.126 Could not open C:\System Volume Information\{c00117a5-7f9c-11e4-bdde-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.126 Could not open C:\System Volume Information\{c85e00ce-7b4c-11e4-8d45-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.127 Could not open C:\System Volume Information\{c85e00d2-7b4c-11e4-8d45-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.128 Could not open C:\System Volume Information\{cbb3684a-7d63-11e4-8571-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.130 Could not open C:\System Volume Information\{e5a5db11-7d68-11e4-b743-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:41:48.132 Could not open C:\System Volume Information\{fbe059fb-7bf7-11e4-83c7-0016d48e8059}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-12-12 14:43:13.565 >>> Virus 'Mal/FakeAvCn-C' found in file C:\Users\omax895\AppData\Local\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 14:43:13.565 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:43:13.565 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 14:43:13.565 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:46:37.216 >>> Virus 'Mal/FakeAvCn-C' found in file C:\Users\omax895\AppData\Roaming\Microsoft\Windows\Templates\656nu88vr46o46434852dexedp8y387cbt2pw58838r
2014-12-12 14:46:37.216 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:46:37.216 >>> Virus 'Mal/FakeAvCn-C' found in file HKU\S-1-5-21-4210009009-1510551338-2517258027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2014-12-12 14:46:37.217 >>> Virus 'Mal/FakeAvCn-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-12-12 14:56:34.533 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-12-12 14:56:34.534 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-12-12 14:56:48.558 Could not open C:\Windows\System32\config\components
2014-12-12 14:56:48.740 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2014-12-12 14:56:48.757 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2014-12-12 14:56:48.769 Could not open C:\Windows\System32\config\RegBack\SAM
2014-12-12 14:56:48.773 Could not open C:\Windows\System32\config\RegBack\SECURITY
2014-12-12 14:56:48.776 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2014-12-12 14:56:48.794 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2014-12-12 15:39:19.974 Could not check C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\VIAAGP.SYS (virus scan failed)
2014-12-12 17:00:03.809 The following items will be cleaned up:
2014-12-12 17:00:03.971 Mal/FakeAvCn-C
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

=============================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thank you for all of your help, Broni. The process has been amazing and enlightening. The window is still popping up when I boot up the computer. Seeing that it may not be a "virus" or "malware", is there some other avenue that I should be looking at that is causing the problem?
Again, I am exceedingly grateful for your time, help, and expertise in this matter. Thank you!
 
Let's try one more thing.

Let's replace the file Combofix didn't like.

Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop.


Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2014
Ran by omax895 at 2014-12-13 01:03:23 Run:1
Running from C:\Users\omax895\Downloads
Loaded Profile: omax895 (Available profiles: omax895 & Just 4U 2Use & MASTER ACCOUNT)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Replace: C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll C:\Windows\System32\schedsvc.dll
*****************

C:\Windows\System32\schedsvc.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll copied successfully to C:\Windows\System32\schedsvc.dll

==== End of Fixlog ====
 
I rebooted after the Fixlog and the pop-up window did not appear :)
I humbly thank you for your diligence.
Do I re-run DelFix again as well?
... My deepest respect to you, Sir!
 