Solved Malwarebytes found PUPs

Rakshata · Jan 11, 2015

I'm a little worried, that my Malwarebytes found a couple of PUPs. I removed those with Malwarebytes but want to see if my computer is infected.

Here are my Malwarebytes and DDS logs.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/01/2015
Scan Time: 6:30:11 PM
Logfile: malwarebytes scan log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: Choko

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 566040
Time Elapsed: 5 hr, 17 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 11.25.2
Run by Choko at 17:20:44 on 2015-01-11
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.746 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Gizmo Project\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\choko\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Plantronics MyHeadset Updater] c:\program files\plantronics\myheadsetupdater\MyHeadsetUpdater.exe
mRun: [PLTSpokes.exe] c:\program files\plantronics\spokes3g\PLTSpokes.exe -min
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.kccsoft.com/authorware_web_files/awswaxd.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.earthcaller.com/VaxSIPUserAgentCAB.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 64.71.255.204 64.71.255.198
TCP: Interfaces\{53EDBA1B-E333-4612-98D7-50EB97FE9D02} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{85A34A61-8334-4386-9C0F-5AE90BDE5EFC} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} : DHCPNameServer = 64.71.255.204 64.71.255.198
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\choko\appdata\roaming\mozilla\firefox\profiles\iav4g5c1.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\choko\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
FF - ExtSQL: !HIDDEN! 2010-05-03 21:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-5-26 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-5-26 206248]
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2014-6-15 17200]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-5-26 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-5-26 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-31 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-26 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-12-20 50344]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2014-6-1 8364848]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-10-5 242728]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-12-8 91392]
R3 DisplayLinkUsbIo;DisplayLinkUsbIo;c:\windows\system32\drivers\DisplayLinkUsbIo_7.6.55673.0.sys [2014-6-15 38192]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2014-6-15 370480]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-19 18848]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1036104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-1-10 114904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2015-01-10 23:20:48 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 23:20:03 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-10 23:20:03 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-10 23:20:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-10 23:20:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-01-10 07:35:01 -------- d-----w- c:\users\choko\appdata\roaming\OpenOffice
2015-01-10 04:25:53 -------- d-----w- c:\program files\OpenOffice 4
2015-01-08 03:04:04 -------- d-----w- c:\program files\Canon
2014-12-27 23:17:19 -------- d-----w- C:\vlc-2.1.5-win32
2014-12-27 01:15:23 -------- d-----w- c:\users\choko\appdata\roaming\addpcs
2014-12-26 23:22:03 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-12-26 23:22:03 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-12-26 23:22:03 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-12-26 23:22:03 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-12-26 23:22:03 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-12-26 23:17:10 -------- d-----w- c:\program files\Temp File Cleaner
2014-12-26 22:01:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7797321-2637-4a25-8b45-028f0633a51d}\offreg.dll
2014-12-26 21:32:52 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7797321-2637-4a25-8b45-028f0633a51d}\mpengine.dll
2014-12-26 21:08:11 284160 ----a-w- c:\windows\system32\mvhlewsi.DLL
2014-12-26 21:08:06 1511424 ----a-w- c:\windows\system32\HP1100SM.EXE
2014-12-26 21:08:03 151552 ----a-w- c:\windows\system32\SET4791.tmp
2014-12-26 21:08:03 151552 ----a-w- c:\windows\system32\HP1100LM.DLL
2014-12-26 21:06:09 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2014-12-26 21:06:09 472576 ----a-w- c:\windows\system32\secproc.dll
2014-12-26 21:06:07 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-12-26 21:06:06 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-12-26 21:06:06 515584 ----a-w- c:\windows\system32\RMActivate.exe
2014-12-26 21:06:06 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-12-26 21:06:04 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-12-26 21:06:04 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-12-26 21:06:03 312320 ----a-w- c:\windows\system32\msdrm.dll
2014-12-21 22:00:32 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HP1100PP.dll
2014-12-21 22:00:31 -------- d-----w- c:\program files\HP
2014-12-21 00:44:19 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-12-21 00:45:24 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-21 00:44:22 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-21 00:44:22 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-21 00:44:22 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-21 00:44:22 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-09 23:28:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 23:28:22 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-08 21:03:55 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-24 19:04:58 229000 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:21:56.97 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 03/01/2008 3:14:17 PM
System Uptime: 11/01/2015 3:29:36 PM (2 hours ago)
.
Motherboard: TOSHIBA | | ISKAA
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 174 GiB total, 37.499 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 5.102 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1406.144 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
ALPS Touch Pad Driver
Audacity 1.3.13 (Unicode)
Avanquest update
Avast Free Antivirus
Budget Dialup Software
Camera Assistant Software for Toshiba
Canon MF Toolbox 4.9.1.1.mf17
CD/DVD Drive Acoustic Silencer
Classic PhoneTools
Clearpointel
Dell Voice
Desktop eForms
DisplayLink Core Software
DisplayLink Graphics
Documents To Go
DVD MovieFactory for TOSHIBA
Foxit Cloud
Foxit Reader
Freephoneline
Gizmo5
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCall
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java 8 Update 25
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Kensington Display Adapter
Kensington Universal Notebook Docking Station with VGA and DVI
KONICA MINOLTA PagePro 1350W
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 2.0.4.1028
mCore
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
mMHouse
MotoConnect
Motorola Driver Installation 4.5.0
Motorola Phone Tools
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
OnlinePlay 1.0
OpenOffice 4.1.1
Palm Desktop by ACCESS
PC Connectivity Solution
Peak Scanner Software v1.0
Plantronics CSR Driver (32-bit)
Plantronics CsrDfu Installer
Plantronics HidDfu Installer
Plantronics MyHeadset Updater
Plantronics MyHeadset Updater Device Handlers (32-bit)
Plantronics MyHeadset Updater DFU Handlers (32-bit)
Plantronics MyHeadset Updater Install Check
Plantronics MyHeadset Updater MLS
Plantronics MyHeadset Updater Runtime
Plantronics MyHeadset Updater Startup
POP Peeper
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Recover Files 2.1
reminder
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Encoder (KB954156)
Skype Click to Call
Skype™ 6.18
SMPlayer 0.6.7
StudioTax 2011
StudioTax 2012
StudioTax 2013
Synaptics Pointing Device Driver
Temp File Cleaner
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebWasher
Winamp
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinRAR archiver
.
==== End Of File ===========================

Broni · Jan 11, 2015

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download

Malwarebytes Anti-Rootkit (MBAR) to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"

NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Rakshata · Jan 11, 2015

Thanks for the quick reply. Here are the logs.

RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Choko [Administrator]
Mode : Delete -- Date : 01/11/2015 18:38:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\Choko\AppData\Local\Temp\mbr.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\Choko\AppData\Local\Temp\mbr.sys) -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{933E3F3C-09C0-456E-A0B0-125D8F600FF4} | DhcpNameServer : 64.71.255.204 64.71.255.198 [CANADA (CA)][CANADA (CA)] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[ShwSSDT:Addr(Hook.Shadow)] NtUserEnumDisplayDevices[384] : C:\Windows\system32\drivers\dlkmd.sys @ 0x8d047d90

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ea82cb3fd7f69bc7e2f0ec5425eaaa1d
[BSP] 0b960a35c0c553641f1a7322b803b43a : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 177798 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 367204352 | Size: 6020 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 379533312 | Size: 5463 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 7a4ec4e08b9c0b7774c61db295f91382
[BSP] 000cdb9b089b6a5f1cdf8ae3e35760b8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_01112015_183619.log

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.11.11

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Choko :: GUNDAM [administrator]

11/01/2015 6:57:35 PM
mbar-log-2015-01-11 (18-57-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 362299
Time elapsed: 43 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 8.0.6001.18904

Java version: 1.6.0_16

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.495000 GHz
Memory total: 2136801280, free: 1015390208

Could not load protection driver
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 8.0.6001.18904

Java version: 1.6.0_16

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.495000 GHz
Memory total: 2136801280, free: 1016266752

Could not load protection driver
Downloaded database version: v2013.05.27.06
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/27/2013 14:35:42
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\Lbd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\drivers\tifm21.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_7.2.47873.0.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8e3377c8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff8e31d570
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863bc440
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85201030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863bc440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863bc148, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863bc440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8520fb60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85201030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A6F84945

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 364130304
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 367204352 Numsec = 12328960

Partition 3 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 379533312 Numsec = 11188224
Partition is not bootable
Hidden partition VBR is not infected.

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8e3377c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8d0aa020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8e3377c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8e31d570, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5F107

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3906961408

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_3074048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_3_379533312_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 8.0.6001.18904

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 1.496000 GHz
Memory total: 2136801280, free: 857927680

Could not load protection driver
Downloaded database version: v2015.01.11.11
Downloaded database version: v2015.01.07.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
01/11/2015 18:57:05
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\Lbd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\drivers\tifm21.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\aswTdi.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\UVCFTR_S.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\Users\Choko\AppData\Local\Temp\mbr.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86f4aad8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff86c00ce0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86786ad8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85615030
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86786ad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86683188, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86786ad8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff855f5518, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85615030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A6F84945

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 3074048 Numsec = 364130304
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 367204352 Numsec = 12328960

Partition 3 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 379533312 Numsec = 11188224
Partition is not bootable
Hidden partition VBR is not infected.

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86f4aad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8e7cea58, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86f4aad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86c00ce0, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5F107

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3906961408

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000365289472 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-379533312-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Broni · Jan 11, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Rakshata · Jan 11, 2015

Here is the Combofix.txt log.

ComboFix 15-01-08.01 - Choko 11/01/2015 22:14:16.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.942 [GMT -5:00]
Running from: c:\users\Choko\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\bszip.dll
c:\windows\system32\SET4791.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-12 to 2015-01-12 )))))))))))))))))))))))))))))))
.
.
2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-12 03:29 . 2015-01-12 03:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-01-11 23:22 . 2015-01-11 23:22 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-11 23:22 . 2015-01-11 23:22 -------- d-----w- c:\programdata\RogueKiller
2015-01-10 23:20 . 2015-01-11 23:57 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 23:20 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-10 23:20 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-10 23:20 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-10 23:20 . 2015-01-10 23:20 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-01-10 07:35 . 2015-01-10 07:35 -------- d-----w- c:\users\Choko\AppData\Roaming\OpenOffice
2015-01-10 04:25 . 2015-01-10 04:26 -------- d-----w- c:\program files\OpenOffice 4
2015-01-08 03:05 . 2015-01-08 03:05 -------- d-----w- c:\users\Choko\AppData\Roaming\Canon
2015-01-08 03:04 . 2015-01-08 03:04 -------- d-----w- c:\program files\Canon
2014-12-27 23:26 . 2015-01-12 01:48 -------- d-----w- c:\users\Choko\AppData\Roaming\vlc
2014-12-27 23:17 . 2014-12-27 23:17 -------- d-----w- C:\vlc-2.1.5-win32
2014-12-27 01:15 . 2014-12-27 01:15 -------- d-----w- c:\users\Choko\AppData\Roaming\addpcs
2014-12-26 23:24 . 2014-12-26 23:24 -------- d-----w- c:\program files\Microsoft.NET
2014-12-26 23:22 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-12-26 23:22 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-12-26 23:22 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-12-26 23:22 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-12-26 23:22 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-12-26 23:17 . 2014-12-26 23:27 -------- d-----w- c:\program files\Temp File Cleaner
2014-12-26 22:01 . 2014-12-26 22:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7797321-2637-4A25-8B45-028F0633A51D}\offreg.dll
2014-12-26 21:32 . 2014-12-15 09:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7797321-2637-4A25-8B45-028F0633A51D}\mpengine.dll
2014-12-26 21:08 . 2012-08-31 20:10 284160 ----a-w- c:\windows\system32\mvhlewsi.DLL
2014-12-26 21:08 . 2012-08-31 20:01 1511424 ----a-w- c:\windows\system32\HP1100SM.EXE
2014-12-26 21:08 . 2012-08-31 20:01 151552 ----a-w- c:\windows\system32\HP1100LM.DLL
2014-12-26 21:06 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2014-12-26 21:06 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2014-12-26 21:06 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-12-26 21:06 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2014-12-26 21:06 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-12-26 21:06 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-12-26 21:06 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-12-26 21:06 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-12-26 21:06 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2014-12-21 22:00 . 2012-08-31 20:01 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1100PP.dll
2014-12-21 22:00 . 2014-12-21 22:00 -------- d-----w- c:\program files\HP
2014-12-21 00:44 . 2014-12-21 00:44 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-21 00:44 . 2014-12-21 00:44 43152 ----a-w- c:\windows\avastSS.scr
2014-12-20 03:30 . 2014-12-20 03:30 -------- d-----w- c:\users\Choko\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-21 00:45 . 2013-05-26 23:04 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-21 00:45 . 2013-05-26 23:04 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-21 00:44 . 2014-05-31 19:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-21 00:44 . 2013-05-26 23:04 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-12-21 00:44 . 2013-05-26 23:04 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-12-21 00:44 . 2013-05-26 23:04 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-21 00:44 . 2013-05-26 23:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-21 00:44 . 2013-05-26 23:04 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-09 23:28 . 2013-05-27 19:27 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-09 23:28 . 2011-12-11 22:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 21:03 . 2014-05-31 19:09 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-24 19:04 . 2010-03-29 18:49 229000 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-21 00:43 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 22:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"POP Peeper"="c:\program files\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-12 528832]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"Plantronics MyHeadset Updater"="c:\program files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe" [2014-08-28 79872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-12 669936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-04-11 00:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone]
2008-12-18 20:44 1587576 ----a-w- c:\program files\iCall\iCall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:11]
.
2015-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-27 23:28]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job
- c:\users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 07:34]
.
2015-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job
- c:\users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-04 07:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kccsoft.com\www
TCP: DhcpNameServer = 64.71.255.204 64.71.255.198
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.earthcaller.com/VaxSIPUserAgentCAB.cab
FF - ProfilePath - c:\users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: !HIDDEN! 2010-05-03 21:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-PLTSpokes.exe - c:\program files\Plantronics\Spokes3G\PLTSpokes.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-11 22:29
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-01-11 22:33:46
ComboFix-quarantined-files.txt 2015-01-12 03:33
.
Pre-Run: 43,196,678,144 bytes free
Post-Run: 43,169,140,736 bytes free
.
- - End Of File - - 4A3609A18FA681332B3C2B2F7E1310CA
5B5E648D12FCADC244C1EC30318E1EB9

Broni · Jan 11, 2015

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

Rakshata · Jan 12, 2015

When I run adwcleaner, the program just hangs. The status bar stays empty, and there is a message that says "Pending. Please uncheck elements you don't want to remove." It has been like that for the past couple hours. The "Scan" button is still greyed out and the computer did not reboot.

Broni · Jan 12, 2015

Restart computer and see if any log will pop-up.
If not re-run AdwCleaner.

Rakshata · Jan 12, 2015

Here are the logs AdwCleaner[S0].txt and JRT.txt

# AdwCleaner v4.107 - Report created 12/01/2015 at 18:25:34
# Updated 07/01/2015 by Xplode
# Database : 2015-01-12.3 [Live]
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : Choko - GUNDAM
# Running from : C:\Users\Choko\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\invalidprefs.js
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\SOFTWARE\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18904

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v

[C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={28CD8B4F-72EA-4CF8-9597-4244A69D1C1C}&mid=b85ca0c2db24daf9e6d30712da699332-dacaf78502bcdf16d8bfade8c05fba9e10c4dadf&lang=us&ds=AVG&pr=fr&d=2012-02-14 11:55:32&v=10.0.0.7&sap=dsp&q={searchTerms}
[C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.veoh.com/find/?query={searchTerms}

*************************

AdwCleaner[R0].txt - [4295 octets] - [12/01/2015 15:29:21]
AdwCleaner[R1].txt - [3037 octets] - [12/01/2015 18:17:14]
AdwCleaner[S0].txt - [2994 octets] - [12/01/2015 18:25:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3054 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Choko on 12/01/2015 at 18:33:56.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Choko\AppData\Roaming\mozilla\firefox\profiles\iav4g5c1.default\prefs.js

user_pref("socialfixer.100000713777621/cached_content/tips_pagelet", "{\"expires_on\":1372450440082,\"content\":[{\"id\":101,\"content\":\"<div style=\\\"border:2px solid #ccc
Emptied folder: C:\Users\Choko\AppData\Roaming\mozilla\firefox\profiles\iav4g5c1.default\minidumps [119 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2015 at 18:38:52.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rakshata · Jan 12, 2015

And FRST.log Part I

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Choko (administrator) on GUNDAM on 12-01-2015 18:48:46
Running from C:\Users\Choko\Desktop
Loaded Profile: Choko (Available profiles: Choko & Guest)
Platform: Microsoft® Windows Vista™ Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Gizmo Project\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [Ad-Watch] => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [528832 2011-06-11] (Lavasoft)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-16] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-03] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [79872 2014-08-28] (Plantronics)
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-19] (Google Inc.)
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKU\S-1-5-18\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [1232896 2008-03-26] (Time Information Services Ltd.)
HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe [669936 2011-06-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4288754783-205699008-1328246205-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://www.kccsoft.com/authorware_web_files/awswaxd.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} http://www.earthcaller.com/VaxSIPUserAgentCAB.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKU\S-1-5-21-4288754783-205699008-1328246205-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4288754783-205699008-1328246205-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\searchplugins\startpage-https.xml
FF Extension: WOT - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
FF Extension: Social Fixer - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\[email protected] [2015-01-03]
FF Extension: Adblock Plus - C:\Users\Choko\AppData\Roaming\Mozilla\Firefox\Profiles\iav4g5c1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-26]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english_uk
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-17]
CHR Extension: (Google Drive) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Google Search) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Avast Online Security) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (Skype Click to Call) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-17]
CHR Extension: (Google Wallet) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Choko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR StartMenuInternet: Google Chrome - C:\Users\Choko\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
R2 Bonjour Service; C:\Program Files\Gizmo Project\mDNSResponder.exe [229376 2006-07-06] (Apple Computer, Inc.) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8364848 2014-06-01] (DisplayLink Corp.)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242728 2014-07-01] (Foxit Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1036104 2011-06-11] (Lavasoft)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-20] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-20] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-20] ()
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [31744 2014-08-28] (CSR plc.)
R3 DisplayLinkUsbIo; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys [38192 2014-06-15] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [370480 2014-06-01] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [17200 2014-06-01] (DisplayLink Corp.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-04-27] (Lavasoft AB)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S2 MLPTDR_Q; C:\Windows\system32\MLPTDR_Q.sys [18848 2004-11-19] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [File not signed]
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2007-11-29] (Windows (R) Codename Longhorn DDK provider)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Choko\AppData\Local\Temp\catchme.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AGRSM.sys CE91B158FA490CF4C4D487A4130F4660
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apfiltr.sys 7C2F57BCE81FA74933F0E1C84A97C9DB
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 9D23DE88C3B18BA87CD4587177CA6CEA
C:\Windows\system32\drivers\aswMonFlt.sys 73A9014A9C4B19AA093DA05ED4246E27
C:\Windows\system32\drivers\aswRdr.sys 0926775B8C3B32EE99921CCB0F85378E
C:\Windows\system32\Drivers\aswRvrt.sys 6544697080421E62E97AAFBD0A8AA391
C:\Windows\system32\drivers\aswSnx.sys E73CBE3420ECFA8FF7D0467E170E335D
C:\Windows\system32\drivers\aswSP.sys 1624D5AD126B8AFE2B2E85E5B8364EB6
C:\Windows\system32\drivers\aswTdi.sys 4C0ECF1AFA6992904814C74B99DD36F9
C:\Windows\system32\Drivers\aswVmm.sys 0EFBC2962B156E8AC267F96D4D93EF06
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ED97AD3DF1B9005989EAF149BF06C821
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\System32\DRIVERS\compbatt.sys 722936AFB75A7F509662B69B5632F48A
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\csrbcx86.sys B2B3B745800CFF7F3739B00754EE34DA
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_7.6.55673.0.sys D0F4E3FA1FE197F4C91C3E862A112585
C:\Windows\system32\drivers\dlkmd.sys 61140F48B01A243A5042D668AA0AE0A2
C:\Windows\System32\drivers\dlkmdldr.sys 1FD366F125EC85453133F9198ACB83F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys 01E7971E9F4BD6AC6A08DB52D0EA0418
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys FD7F9D74C2B35DBDA400804A3F5ED5D8
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd32.sys 038815297078D236D8CC064C295A74C6
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 0F16D98C3AF2138FABFA20ADDE4E01FE
C:\Windows\System32\drivers\intelide.sys 988981C840084F480BA9E3319CEBDE1B
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Lbd.sys 419590EBE7855215BB157EA0CF0D0531
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LPCFilter.sys 515FC18CABEE0158A324B08B1C2667CF
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\MLPTDR_Q.sys B39BF953A3A304A2D12751692EC355A0
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\motmodem.sys 54FEE02961C70FD9D4D7E2F87AFA23FA
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\System32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys FFFE00134C554E113EE186EEDDB0FF30
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw3v32.sys A15F219208843A5A210C8CB391384453
C:\Windows\System32\DRIVERS\NETw4v32.sys 6522DD40A5F67CED020BD81B856613FB
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys 65AC8BAA2F916EE9203EE48D7FCEE605
C:\Windows\System32\drivers\ccdcmbo.sys 29AF182734A247240D89A0FE63DBEF03
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\drivers\PalmUSBD.sys DC450992EBA6F914080C1F7FBEEED72C
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pccsmcfd.sys 175CC28DCF819F78CAA3FBD44AD9E52A
C:\Windows\System32\drivers\pci.sys 1085D75657807E0E8B32F9E19A1647C3
C:\Windows\system32\drivers\pciide.sys 3B1901E401473E03EB8C874271E50C26
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys 6C359AC71D7B550A0D41F9DB4563CE05
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\system32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtlh86.sys 5163F804256DEB8CF1EF64B780A18CAA
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys BCCA63A3D143938273A3158757389DC7
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffdisk.sys 5381BDDF337DC4D4DDF6AA4304462FD4
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sffp_sd.sys 2883E7A2C362DEB7BE5F43DBDD470BD5
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 5EFCEDCF3DAF5C8D9E8B77A34A4EEC99
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdcmdpst.sys 1825BCEB47BF41C5A9F0E44DE82FC27A
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\tifm21.sys E4C85C291DDB3DC5E4A2F227CA465BA6
C:\Windows\System32\DRIVERS\tos_sps32.sys 1EA5F27C29405BF49799FECA77186DA9
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunmp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ_O.SYS 792A8B80F8188ABA4B2BE271583F3E46
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys 2522747BA661514E3770E508CCE45B64
C:\Windows\System32\drivers\usbaudio.sys F6BF998AE33E3FB6C7D27F0560F1173F
C:\Windows\System32\DRIVERS\usbccgp.sys 51480458E6E9863F856EBF35AAE801B4
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 11FA3ACBF0DE0286829C69E01FE705E4
C:\Windows\System32\DRIVERS\usbhub.sys 6A7858A38B5105731E219E7C6A238730
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser.sys C0488CC01A1C686B08A3D360C7F50324
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbuhci.sys 4013315FED70A2D293B998CBBA4022EE
C:\Windows\System32\Drivers\usbvideo.sys 0A6B81F01BC86399482E27E6FDA7B33B
C:\Windows\System32\DRIVERS\usb8023x.sys DB4721908DAA0383EE82FFE430AEBAE1
C:\Windows\System32\Drivers\UVCFTR_S.SYS 3B929A72AAEA96DC0150D3A6DA268C89
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam.sys D6EFAF429FD30C5DF613D220E344CCE7
C:\Windows\System32\drivers\Wdf01000.sys B6F0A7AD6D4BD325FBCD8BAC96CD8D96
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wpdusb.sys 2D27171B16A577EF14C1273668753485
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:48 - 2015-01-12 18:49 - 00036059 _____ () C:\Users\Choko\Desktop\FRST.txt
2015-01-12 18:48 - 2015-01-12 18:49 - 00000000 ____D () C:\FRST
2015-01-12 18:38 - 2015-01-12 18:38 - 00001069 _____ () C:\Users\Choko\Desktop\JRT.txt
2015-01-12 18:31 - 2015-01-12 18:31 - 00003134 _____ () C:\Users\Choko\Desktop\AdwCleaner[S0].txt
2015-01-12 18:06 - 2015-01-12 18:06 - 01115648 _____ (Farbar) C:\Users\Choko\Desktop\FRST.exe
2015-01-12 18:05 - 2015-01-12 18:05 - 01707939 _____ (Thisisu) C:\Users\Choko\Desktop\JRT.exe
2015-01-12 15:29 - 2015-01-12 18:25 - 00000000 ____D () C:\AdwCleaner
2015-01-12 00:16 - 2015-01-12 00:16 - 02191360 _____ () C:\Users\Choko\Desktop\adwcleaner_4.107.exe
2015-01-11 22:33 - 2015-01-11 22:33 - 00015732 _____ () C:\ComboFix.txt
2015-01-11 22:10 - 2015-01-11 22:33 - 00000000 ____D () C:\Qoobox
2015-01-11 22:10 - 2015-01-11 22:33 - 00000000 ____D () C:\ComboFix
2015-01-11 22:10 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-11 22:10 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-11 22:10 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-11 22:10 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-11 20:49 - 2015-01-11 20:50 - 05609736 ____R (Swearware) C:\Users\Choko\Desktop\ComboFix.exe
2015-01-11 18:50 - 2015-01-11 18:51 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Choko\Desktop\mbar-1.08.2.1001.exe
2015-01-11 18:39 - 2015-01-11 18:39 - 00003850 _____ () C:\Users\Choko\Desktop\RKreport_DEL_01112015_183858.log
2015-01-11 18:22 - 2015-01-11 18:22 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-11 18:22 - 2015-01-11 18:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-11 18:19 - 2015-01-11 18:20 - 15340120 _____ () C:\Users\Choko\Downloads\RogueKiller.exe
2015-01-11 17:22 - 2015-01-11 17:22 - 00005128 _____ () C:\Users\Choko\Desktop\attach.txt
2015-01-11 17:22 - 2015-01-11 17:21 - 00015310 _____ () C:\Users\Choko\Desktop\dds.txt
2015-01-11 15:30 - 2015-01-12 18:27 - 00001460 _____ () C:\Windows\PFRO.log
2015-01-11 00:00 - 2015-01-11 00:00 - 00688992 ____R (Swearware) C:\Users\Choko\Desktop\dds (1).com
2015-01-10 18:20 - 2015-01-11 18:57 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 18:20 - 2015-01-10 18:20 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-10 18:20 - 2015-01-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-10 18:20 - 2015-01-10 18:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-10 18:20 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 18:20 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 18:20 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 18:17 - 2015-01-10 18:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Choko\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-10 03:34 - 2015-01-10 03:34 - 00010240 _____ () C:\Users\Choko\Desktop\Expense Statement Blackberry Pearl.xls
2015-01-10 02:35 - 2015-01-10 02:35 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\OpenOffice
2015-01-09 23:29 - 2015-01-09 23:29 - 00000977 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-01-09 23:29 - 2015-01-09 23:29 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-09 23:25 - 2015-01-09 23:26 - 00000000 ____D () C:\Program Files\OpenOffice 4
2015-01-09 23:13 - 2015-01-09 23:13 - 00000000 ____D () C:\Users\Choko\Desktop\OpenOffice 4.1.1 (en-GB) Installation Files
2015-01-09 03:05 - 2015-01-09 03:15 - 00000000 ____D () C:\Users\Choko\Desktop\2015-01-09
2015-01-08 10:09 - 2015-01-08 10:09 - 00000000 ____D () C:\Users\Choko\Desktop\2015-01-08
2015-01-07 22:05 - 2015-01-07 22:05 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\Canon
2015-01-07 22:04 - 2015-01-07 22:04 - 00001824 _____ () C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
2015-01-07 22:04 - 2015-01-07 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2015-01-07 22:04 - 2015-01-07 22:04 - 00000000 ____D () C:\Program Files\Canon
2015-01-07 22:00 - 2015-01-07 22:01 - 10452536 _____ () C:\Users\Choko\Downloads\ToolBox_4911mf17_Win_EN.exe
2014-12-28 17:33 - 2014-12-28 17:33 - 00000661 _____ () C:\Users\Choko\Desktop\vlc - Shortcut.lnk
2014-12-27 18:26 - 2015-01-11 20:48 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\vlc
2014-12-27 18:17 - 2014-12-27 18:17 - 00000000 ____D () C:\vlc-2.1.5-win32
2014-12-27 02:04 - 2014-12-27 02:04 - 00138736 _____ () C:\Windows\Minidump\Mini122714-01.dmp
2014-12-27 02:04 - 2014-12-27 02:04 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 02:03 - 2014-12-27 02:04 - 220703336 _____ () C:\Windows\MEMORY.DMP
2014-12-26 20:15 - 2014-12-26 20:15 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\addpcs
2014-12-26 18:27 - 2014-12-26 18:27 - 00000833 _____ () C:\Users\Choko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2014-12-26 18:27 - 2014-12-26 18:27 - 00000803 _____ () C:\Users\Choko\Desktop\Temp File Cleaner.lnk
2014-12-26 18:24 - 2014-12-26 18:24 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-26 18:22 - 2009-11-08 12:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-26 18:22 - 2009-11-08 12:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-12-26 18:22 - 2009-11-08 12:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-12-26 18:22 - 2009-11-08 12:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-12-26 18:22 - 2009-11-08 12:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-12-26 18:17 - 2014-12-26 18:27 - 00000000 ____D () C:\Program Files\Temp File Cleaner
2014-12-26 16:08 - 2012-08-31 15:10 - 00284160 _____ () C:\Windows\system32\mvhlewsi.DLL
2014-12-26 16:08 - 2012-08-31 15:01 - 01511424 _____ () C:\Windows\system32\HP1100SM.EXE
2014-12-26 16:08 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\system32\HP1100LM.DLL
2014-12-26 16:06 - 2010-01-25 07:58 - 00473088 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-12-26 16:06 - 2010-01-25 07:58 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-12-26 16:06 - 2010-01-25 07:58 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-12-26 16:06 - 2010-01-25 07:58 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-12-26 16:06 - 2010-01-25 07:56 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-12-26 16:06 - 2010-01-25 03:36 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-12-26 16:06 - 2010-01-25 03:36 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-12-26 16:06 - 2010-01-25 03:36 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-12-26 16:06 - 2010-01-25 03:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-12-21 17:00 - 2014-12-21 17:00 - 00000000 ____D () C:\Program Files\HP
2014-12-20 19:45 - 2014-12-20 19:45 - 00001842 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-20 19:44 - 2014-12-20 19:44 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-20 19:44 - 2014-12-20 19:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-20 19:34 - 2014-12-20 19:43 - 133616624 _____ () C:\Users\Choko\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe
2014-12-19 22:30 - 2014-12-19 22:30 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\dvdcss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 18:47 - 2008-01-13 18:29 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\POP Peeper
2015-01-12 18:36 - 2008-01-03 15:13 - 01826709 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 18:28 - 2010-01-30 23:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 18:28 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 18:28 - 2006-11-02 07:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:28 - 2006-11-02 07:47 - 00003200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 18:27 - 2009-03-22 12:39 - 00477564 _____ () C:\aaw7boot.log
2015-01-12 18:26 - 2006-11-02 08:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 18:17 - 2011-09-04 14:57 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job
2015-01-12 18:16 - 2013-05-26 18:05 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 17:28 - 2013-11-03 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 22:30 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-11 20:14 - 2009-10-22 22:23 - 00000000 ____D () C:\Users\Choko\.smplayer
2015-01-11 20:06 - 2013-05-27 13:29 - 00000000 ____D () C:\Users\Choko\Desktop\mbar
2015-01-11 20:06 - 2013-05-27 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-11 18:41 - 2008-01-03 12:47 - 00117088 _____ () C:\Users\Choko\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 18:21 - 2008-02-10 16:20 - 00000000 ____D () C:\misc
2015-01-11 17:39 - 2008-02-10 16:37 - 00000000 ____D () C:\sweeps
2015-01-10 22:11 - 2009-03-21 21:12 - 00000472 _____ () C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-01-10 14:10 - 2006-11-02 07:47 - 00419768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-10 03:42 - 2008-01-04 11:32 - 00178688 _____ () C:\Users\Choko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-09 23:35 - 2007-09-26 23:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-09 23:35 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\ShellNew
2015-01-09 23:35 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
2015-01-09 23:35 - 2006-11-02 06:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-08 11:17 - 2011-09-04 14:57 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job
2015-01-08 10:18 - 2006-11-02 05:33 - 00733380 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 19:24 - 2009-12-08 00:17 - 00000680 _____ () C:\Users\Choko\AppData\Local\d3d9caps.dat
2014-12-28 17:33 - 2008-01-06 04:27 - 00000000 ____D () C:\installation files
2014-12-28 17:05 - 2008-01-04 11:33 - 00000885 _____ () C:\Users\Choko\Desktop\Windows Media Player.lnk
2014-12-28 17:05 - 2008-01-03 12:46 - 00000915 _____ () C:\Users\Choko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-27 01:13 - 2008-02-10 16:03 - 00000000 ____D () C:\cell phone
2014-12-26 19:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-26 19:02 - 2011-09-21 20:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-26 16:26 - 2014-06-22 19:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 16:13 - 2011-09-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-26 15:29 - 2012-09-08 14:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-26 14:22 - 2011-07-02 18:58 - 00000000 ____D () C:\Users\Choko\AppData\Roaming\Malwarebytes
2014-12-26 14:21 - 2011-07-02 18:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-26 14:21 - 2011-07-02 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-21 17:00 - 2008-01-03 12:46 - 00000000 ____D () C:\Users\Choko
2014-12-21 16:54 - 2011-04-25 11:27 - 00000000 ____D () C:\financial
2014-12-20 19:45 - 2013-05-26 18:04 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-20 19:45 - 2013-05-26 18:04 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-20 19:44 - 2014-05-31 14:15 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-20 19:44 - 2013-05-26 18:04 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-20 19:44 - 2013-05-26 18:04 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-20 19:44 - 2013-05-26 18:04 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-12-20 19:44 - 2013-05-26 18:04 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-12-20 19:44 - 2013-05-26 18:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

Some content of TEMP:
====================
C:\Users\Choko\AppData\Local\temp\Quarantine.exe
C:\Users\Choko\AppData\Local\temp\sqlite3.dll

Rakshata · Jan 12, 2015

And FRST.txt part II

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {e48455a6-6c95-11dc-8303-0016d4f6297d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\Boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {e48455a6-6c95-11dc-8303-0016d4f6297d}
nx OptIn

Resume from Hibernate
---------------------
identifier {e48455a6-6c95-11dc-8303-0016d4f6297d}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi

LastRegBack: 2015-01-12 18:34

==================== End Of Log ============================

Rakshata · Jan 12, 2015

And Addition.txt Part I

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Choko at 2015-01-12 18:50:20
Running from C:\Users\Choko\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (Version: 8.0.0 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.0.301.4 - ALPS ELECTRIC CO., LTD)
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.23 - Avanquest Software)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Budget Dialup Software (HKLM\...\Budget Dialup Software) (Version: 2004 - Budget Dialup)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
Canon MF Toolbox 4.9.1.1.mf17 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 9.00 - Avanquest software)
Classic PhoneTools (Version: 9.00 - BVRP Software) Hidden
Clearpointel (HKLM\...\{4CA4666D-4CDF-40F4-AE6D-7C742BF9A72F}) (Version: 1.1.1 - Clearpoint Telecom)
Clearpointel (HKLM\...\{C4653293-E86B-4892-B8CB-4EC94D211B27}) (Version: 1.0.7 - Clearpointel)
Dell Voice (HKLM\...\{3A0CBC70-6508-40BF-A52C-1638F6401E9D}) (Version: 1.1.0 - Fongo Inc.)
Desktop eForms (HKLM\...\{82983A4C-AB68-4E49-A561-59C5A7F56165}) (Version: 4.2.00700.2246 - FileNet)
DisplayLink Core Software (HKLM\...\{D8F76447-C498-47E2-8DA2-94826EBBBD7E}) (Version: 7.6.55673.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{EC9ECF5F-6876-4F52-99B9-89A4636A1CAD}) (Version: 7.6.55705.0 - DisplayLink Corp.)
Documents To Go (HKLM\...\{F2D45137-7631-4824-B285-52742329DE4B}) (Version: 11.000.501 - DataViz Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.7.140.701 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Freephoneline (HKLM\...\{2AED3E0F-66AB-45DD-8D1A-FD75262DB2AE}) (Version: 3.2.7 - freephoneline.ca)
Gizmo5 (HKLM\...\Gizmo5) (Version: 4.0.5.400 - Gizmo5 Technologies, Inc.)
Google Chrome (HKU\S-1-5-21-4288754783-205699008-1328246205-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iCall (HKLM\...\iCall_is1) (Version: 4.0.0.22 - iCall, Inc.)
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: - )
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Kensington Display Adapter (HKLM\...\{22B889A1-CAC4-445A-B4E4-57DA1DAEBEB6}) (Version: 6.1.35912.0 - Kensington Computer Products Group)
Kensington Universal Notebook Docking Station with VGA and DVI (HKLM\...\Kensington Universal Notebook Docking Station with VGA and DVI) (Version: 5.2 - )
KONICA MINOLTA PagePro 1350W (HKLM\...\KONICA MINOLTA PagePro 1350W) (Version: - )
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
mCore (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mMHouse (Version: 9.09.0000 - Intel Corporation) Hidden
MotoConnect (HKLM\...\{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}) (Version: 1.1.21 - Motorola)
Motorola Driver Installation 4.5.0 (HKLM\...\{A0673E9E-4510-4AA0-B860-58FD5A7212A1}) (Version: 4.5.0 - Motorola Inc.)
Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 5.31a 05/13/2010 - Avanquest Software)
Motorola Phone Tools (Version: 4.30 - BVRP Software) Hidden
Motorola Phone Tools (Version: 5.00 - BVRP Software) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mPfMgr (Version: 9.09.0000 - Intel Corporation) Hidden
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{4F1DCA42-2030-437C-A94E-736692A499C1}) (Version: 6.86.11.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 6.86.9.3 - Nokia)
Nokia PC Suite (Version: 6.86.9.3 - Nokia) Hidden
OnlinePlay 1.0 (HKLM\...\OnlinePlay) (Version: 1.0 - AOL LLC)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}) (Version: 6.4.0.0 - Palm, Inc.)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Peak Scanner Software v1.0 (HKLM\...\InstallShield_{1373C855-146E-46D1-8105-FFFE8AFF2413}) (Version: 1.00.0000 - Applied Biosystems)
Peak Scanner Software v1.0 (Version: 1.00.0000 - Applied Biosystems) Hidden
Plantronics CSR Driver (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics CsrDfu Installer (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics HidDfu Installer (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater (HKLM\...\{b7053b54-3c7d-41e0-88ef-92d122848268}) (Version: 3.1.50774.5235 - Plantronics, Inc.)
Plantronics MyHeadset Updater (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Device Handlers (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater DFU Handlers (32-bit) (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Install Check (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater MLS (Version: 3.0.0.0 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Runtime (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
Plantronics MyHeadset Updater Startup (Version: 3.1.50774.5235 - Plantronics, Inc.) Hidden
POP Peeper (HKLM\...\POP Peeper) (Version: - Mortal Universe)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5477 - Realtek Semiconductor Corp.)
Recover Files 2.1 (HKLM\...\Recover Files_is1) (Version: - Undelete & Unerase, Inc.)
reminder (HKLM\...\{65D4DAA8-3611-4322-8E69-27880AFD90EC}) (Version: 3.0.0.5 - TOSHIBA)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SMPlayer 0.6.7 (HKLM\...\SMPlayer) (Version: 0.6.7 - RVM)
StudioTax 2011 (HKLM\...\{5E4ADF05-F045-4F82-9E98-422B2FCB944C}) (Version: 7.0.7.0 - BHOK IT Consulting)
StudioTax 2012 (HKLM\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.3 - BHOK IT Consulting)
StudioTax 2013 (HKLM\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.0 - BHOK IT Consulting)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.11.0 - Synaptics Incorporated)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1a - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebWasher (HKLM\...\WebWasher) (Version: 3.4 - webwasher.com AG)
Winamp (HKLM\...\Winamp) (Version: 5.52 - Nullsoft, Inc)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - Nokia Modem (03/05/2008 3.7) (HKLM\...\CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A) (Version: 03/05/2008 3.7 - Nokia)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) (HKLM\...\E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D) (Version: 03/13/2008 6.86.0.1 - Nokia)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) (HKLM\...\819D45A9F73817F5B6D7C71A33ADAB88C5DA1765) (Version: 08/03/2007 6.84.0.2 - Nokia)
Windows Driver Package - Nokia Modem (10/12/2007 3.6) (HKLM\...\6A630DCEC5EEC912115F2FF59D8C2C769798D930) (Version: 10/12/2007 3.6 - Nokia)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\WebEx\1426\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{7644204c-5eb0-4e21-b225-fc6c1fca74f7}\localserver32 -> C:\Program Files\Nokia\Nokia PC Suite 6\MultimediaPlayer.exe (Nokia)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CC58E280-8AA1-11D1-B3F1-00AA003761C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

30-08-2014 12:51:59 Device Driver Package Install: Cambridge Silicon Radio Universal Serial Bus controllers
01-09-2014 18:03:16 avast! antivirus system restore point
08-09-2014 23:16:26 Scheduled Checkpoint
20-12-2014 19:36:37 avast! antivirus system restore point
21-12-2014 16:58:54 Device Driver Package Install: Marvell Printers
26-12-2014 16:06:23 Windows Update
26-12-2014 18:21:00 Windows Update
09-01-2015 23:16:36 Installed OpenOffice 4.1.1
09-01-2015 23:32:26 Removed Microsoft Office 2000 Premium
11-01-2015 18:42:32 Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-01-11 22:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FE50AC2-79D3-4CB0-9938-4CE97BEA7A45} - System32\Tasks\{BFC4A2CE-FEEF-4349-A7AD-70C2BBFCF743} => pcalua.exe -a "C:\installation files\PsmPlay5.41.exe" -d "C:\installation files"
Task: {3423BB1F-E542-41F7-BC83-CE848B6E559A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software)
Task: {3794843A-D922-457A-A389-43383366402C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3B9B98D2-73A5-46AA-8291-657575180198} - System32\Tasks\SoftPlanet Software Assistant => C:\Program Files\SoftPlanet Software Assistant\spassist.exe
Task: {490DECAF-5900-4327-9131-DD0D4CD93A00} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-11] (Lavasoft)
Task: {5F6AADB3-40CA-459A-87C3-A9438EF80448} - System32\Tasks\{1E37F030-EC3E-4A04-97AE-A5378D4F52CC} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {64EC8A58-0C35-499E-B024-1D6E6589DF11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {88F4CDA7-F6D0-4CC7-B2E5-8A0A568E227A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D6FBB37E-58F1-414B-B890-147FC85F5CB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {FD8E5EE0-C0A3-49FC-914A-0D8BA52E275A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {FE3D9663-DC4B-414B-8A7A-336CF2AF2FEC} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000Core.job => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4288754783-205699008-1328246205-1000UA.job => C:\Users\Choko\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-12 14:38 - 2015-01-12 14:38 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011201\algo.dll
2006-10-17 17:13 - 2006-10-17 17:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-03-06 16:40 - 2007-03-06 16:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2014-12-26 16:08 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-12-21 17:00 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2009-12-08 00:57 - 2010-01-27 11:37 - 00091392 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
2007-09-27 00:35 - 2007-09-26 03:14 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2006-11-06 19:14 - 2006-11-06 19:14 - 00034352 _____ () C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
2014-12-20 19:44 - 2014-12-20 19:44 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-28 04:34 - 2014-08-28 04:34 - 00032768 _____ () C:\Program Files\Plantronics\MyHeadsetUpdater\NativeUsbLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Choko\AppData\Local\Re_ Morons.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
MSCONFIG\startupreg: iCall Internet Phone => "C:\Program Files\iCall\iCall.exe" /startup
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-4288754783-205699008-1328246205-500 - Administrator - Disabled)
Choko (S-1-5-21-4288754783-205699008-1328246205-1000 - Administrator - Enabled) => C:\Users\Choko
Guest (S-1-5-21-4288754783-205699008-1328246205-501 - Limited - Enabled) => C:\Users\Guest

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 06:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x11a0, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x830, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x13a0, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x280, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x1154, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0xa90, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x3e8, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x1298, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x11f0, application start time 0xDisplayLinkKensingtonSupport.exe0.

Error: (01/12/2015 06:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DisplayLinkKensingtonSupport.exe, version 6.1.35912.0, time stamp 0x4ee81546, faulting module DisplayLinkUsb.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000135, fault offset 0x00008fc7,
process id 0x1430, application start time 0xDisplayLinkKensingtonSupport.exe0.

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (01/12/2015 06:51:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc711a001d02ec2a4cd9ac2

Error: (01/12/2015 06:50:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc783001d02ec27bb74372

Error: (01/12/2015 06:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc713a001d02ec2527966f2

Error: (01/12/2015 06:47:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc728001d02ec22897a952

Error: (01/12/2015 06:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7115401d02ec1ff477d52

Error: (01/12/2015 06:45:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7a9001d02ec1d638ee32

Error: (01/12/2015 06:44:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc73e801d02ec1ad3ab2c2

Error: (01/12/2015 06:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7129801d02ec1843cec82

Error: (01/12/2015 06:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc711f001d02ec15b489c22

Error: (01/12/2015 06:40:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DisplayLinkKensingtonSupport.exe6.1.35912.04ee81546DisplayLinkUsb.dll6.0.6000.163864549bdc9c000013500008fc7143001d02ec132586a72

CodeIntegrity Errors:
===================================
Date: 2015-01-12 18:50:11.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:11.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:11.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:11.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:11.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:10.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:10.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-12 18:50:10.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-11 22:16:34.923
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-01-11 22:16:34.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Rakshata · Jan 12, 2015

And Addition.txt Part II

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz
Percentage of memory in use: 56%
Total physical RAM: 2037.81 MB
Available physical RAM: 879.06 MB
Total Pagefile: 4281.14 MB
Available Pagefile: 3035.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.9 MB

==================== Drives ================================

Drive c: (S3A6101D004) (Fixed) (Total:173.63 GB) (Free:39.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:5.88 GB) (Free:5.17 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1406.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: A6F84945)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=173.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5.3 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Broni · Jan 12, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Rakshata · Jan 12, 2015

Here is the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
Ran by Choko at 2015-01-12 20:41:02 Run:1
Running from C:\Users\Choko\Desktop
Loaded Profile: Choko (Available profiles: Choko & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 catchme; \??\C:\Users\Choko\AppData\Local\Temp\catchme.sys [X]
C:\Users\Choko\AppData\Local\temp\Quarantine.exe
C:\Users\Choko\AppData\Local\temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CC58E280-8AA1-11D1-B3F1-00AA003761C5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Choko\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
AlternateDataStreams: C:\Users\Choko\AppData\Local\Re_ Morons.eml:OECustomProperty

*****************

"HKU\S-1-5-21-4288754783-205699008-1328246205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
catchme => Service deleted successfully.
C:\Users\Choko\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Choko\AppData\Local\temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{05589F80-C356-11CE-BF01-00AA0055595A}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{294935CE-F637-4E7C-A41B-AB255460B862}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{5BB4BE4A-09B3-4689-BB4B-6F33E1E82797}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CC58E280-8AA1-11D1-B3F1-00AA003761C5}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{F72A76A0-EB0A-11D0-ACE4-0000C0CC16BA}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => Key deleted successfully.
"HKU\S-1-5-21-4288754783-205699008-1328246205-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\Users\Choko\AppData\Local\Re_ Morons.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog 20:41:04 ====

Broni · Jan 12, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Rakshata · Jan 14, 2015

Here is the Security Check log.

Results of screen317's Security Check version 0.99.93
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Temp File Cleaner
Java(TM) 6 Update 16
Java 8 Update 25
Java(TM) SE Runtime Environment 6
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.257
Mozilla Firefox (34.0.5)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

FSS log.

Farbar Service Scanner Version: 21-07-2014
Ran by Choko (administrator) on 12-01-2015 at 22:43:26
Running from "C:\Users\Choko\Desktop"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****

Broni · Jan 16, 2015

Sophos?

Rakshata · Jan 16, 2015

Sophos found no threats and didn't show me a log. Is it in a directory somewhere?

Broni · Jan 16, 2015

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Rakshata · Jan 16, 2015

Found the Sophos log.

2015-01-13 05:18:13.428 Sophos Virus Removal Tool version 2.5.4
2015-01-13 05:18:13.429 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-13 05:18:13.429 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-13 05:18:13.429 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
2015-01-13 05:18:13.430 Checking for updates...
2015-01-13 05:18:27.449 Update progress: proxy server not available
2015-01-13 05:19:00.107 Option all = no
2015-01-13 05:19:00.107 Option recurse = yes
2015-01-13 05:19:00.107 Option archive = no
2015-01-13 05:19:00.107 Option service = yes
2015-01-13 05:19:00.107 Option confirm = yes
2015-01-13 05:19:00.107 Option sxl = yes
2015-01-13 05:19:00.111 Option max-data-age = 35
2015-01-13 05:19:00.111 Option EnableSafeClean = yes
2015-01-13 05:19:01.415 Option vdl-logging = yes
2015-01-13 05:19:01.421 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-13 05:19:01.421 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-13 05:19:01.528 Component SVRTcli.exe version 2.5.4
2015-01-13 05:19:01.528 Component control.dll version 2.5.4
2015-01-13 05:19:01.530 Component SVRTservice.exe version 2.5.4
2015-01-13 05:19:01.530 Component engine\osdp.dll version 1.44.1.2183
2015-01-13 05:19:01.531 Component engine\veex.dll version 3.58.3.2183
2015-01-13 05:19:01.532 Component engine\savi.dll version 8.1.5.2183
2015-01-13 05:19:01.570 Component rkdisk.dll version 1.5.30.0
2015-01-13 05:19:01.570 Version info: Product version 2.5.4
2015-01-13 05:19:01.572 Version info: Detection engine 3.58.3
2015-01-13 05:19:01.572 Version info: Detection data 5.08
2015-01-13 05:19:01.573 Version info: Build date 11/11/2014
2015-01-13 05:19:01.573 Version info: Data files added 563
2015-01-13 05:19:01.573 Version info: Last successful update (not yet updated)
2015-01-13 05:19:32.662 Downloading updates...
2015-01-13 05:19:32.703 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-13 05:19:32.703 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-13 05:19:32.703 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-13 05:19:32.703 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-13 05:19:40.179 Update progress: [I19463] Syncing product IDE509 177
2015-01-13 05:19:46.941 Installing updates...
2015-01-13 05:19:48.743 Error level 1
2015-01-13 05:19:51.893 Update progress: [I19463] Syncing product IDE510 179
2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE511 170
2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE512 42
2015-01-13 05:19:51.894 Update progress: [I19463] Syncing product IDE513 1
2015-01-13 05:21:35.994 Update successful
2015-01-13 05:21:58.231 Option all = no
2015-01-13 05:21:58.231 Option recurse = yes
2015-01-13 05:21:58.231 Option archive = no
2015-01-13 05:21:58.231 Option service = yes
2015-01-13 05:21:58.231 Option confirm = yes
2015-01-13 05:21:58.231 Option sxl = yes
2015-01-13 05:21:58.234 Option max-data-age = 35
2015-01-13 05:21:58.234 Option EnableSafeClean = yes
2015-01-13 05:21:59.557 Option vdl-logging = yes
2015-01-13 05:21:59.564 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-13 05:21:59.564 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-13 05:21:59.566 Component SVRTcli.exe version 2.5.4
2015-01-13 05:21:59.567 Component control.dll version 2.5.4
2015-01-13 05:21:59.568 Component SVRTservice.exe version 2.5.4
2015-01-13 05:21:59.569 Component engine\osdp.dll version 1.44.1.2183
2015-01-13 05:21:59.569 Component engine\veex.dll version 3.58.3.2183
2015-01-13 05:21:59.570 Component engine\savi.dll version 8.1.5.2183
2015-01-13 05:21:59.572 Component rkdisk.dll version 1.5.30.0
2015-01-13 05:21:59.572 Version info: Product version 2.5.4
2015-01-13 05:21:59.574 Version info: Detection engine 3.58.3
2015-01-13 05:21:59.574 Version info: Detection data 5.08G
2015-01-13 05:21:59.574 Version info: Build date 11/11/2014
2015-01-13 05:21:59.574 Version info: Data files added 563
2015-01-13 05:21:59.574 Version info: Last successful update 13/01/2015 12:21:35 AM

2015-01-13 05:56:40.288 Password protected file C:\chronicles\TDC.xls
2015-01-13 05:57:09.912 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
2015-01-13 05:57:50.264 Could not open C:\hiberfil.sys
2015-01-13 05:59:46.734 Could not open C:\pagefile.sys
2015-01-13 06:16:29.245 Could not open C:\System Volume Information\{027c9250-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.246 Could not open C:\System Volume Information\{0d9e3dd4-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.248 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.249 Could not open C:\System Volume Information\{74b1e8c9-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.249 Could not open C:\System Volume Information\{9102854c-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.250 Could not open C:\System Volume Information\{a008377a-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.251 Could not open C:\System Volume Information\{a0083784-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.252 Could not open C:\System Volume Information\{add74d06-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.253 Could not open C:\System Volume Information\{f13742b9-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.254 Could not open C:\System Volume Information\{f13742ff-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:16:29.255 Could not open C:\System Volume Information\{f7a60dd3-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 06:44:43.011 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-13 06:44:43.014 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-13 06:44:52.852 Could not open C:\Windows\System32\config\COMPONENTS
2015-01-13 06:44:52.954 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-01-13 06:44:52.958 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-13 06:44:52.960 Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-13 06:44:52.964 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-13 06:44:52.966 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-13 06:44:52.969 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-13 07:11:40.180 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.181 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.182 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.183 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.183 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.184 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.185 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.186 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.187 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.187 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.188 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.189 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.190 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.190 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.191 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:11:40.192 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 07:15:02.387 SafeClean bin directory is empty.
2015-01-13 07:15:07.084 Error level 0

2015-01-13 08:54:46.429 Scan completed.
2015-01-13 08:54:46.429

------------------------------------------------------------

2015-01-13 21:36:04.769 Sophos Virus Removal Tool version 2.5.4
2015-01-13 21:36:04.770 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-13 21:36:04.770 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-13 21:36:04.770 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
2015-01-13 21:36:04.771 Checking for updates...
2015-01-13 21:36:18.118 Update progress: proxy server not available
2015-01-13 21:37:06.133 Option all = no
2015-01-13 21:37:06.133 Option recurse = yes
2015-01-13 21:37:06.133 Option archive = no
2015-01-13 21:37:06.133 Option service = yes
2015-01-13 21:37:06.133 Option confirm = yes
2015-01-13 21:37:06.133 Option sxl = yes
2015-01-13 21:37:06.136 Option max-data-age = 35
2015-01-13 21:37:06.136 Option EnableSafeClean = yes
2015-01-13 21:37:06.275 Option vdl-logging = yes
2015-01-13 21:37:06.319 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-13 21:37:06.319 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-13 21:37:06.453 Component SVRTcli.exe version 2.5.4
2015-01-13 21:37:06.453 Component control.dll version 2.5.4
2015-01-13 21:37:06.454 Component SVRTservice.exe version 2.5.4
2015-01-13 21:37:06.455 Component engine\osdp.dll version 1.44.1.2183
2015-01-13 21:37:06.456 Component engine\veex.dll version 3.58.3.2183
2015-01-13 21:37:06.457 Component engine\savi.dll version 8.1.5.2183
2015-01-13 21:37:06.524 Component rkdisk.dll version 1.5.30.0
2015-01-13 21:37:06.524 Version info: Product version 2.5.4
2015-01-13 21:37:06.526 Version info: Detection engine 3.58.3
2015-01-13 21:37:06.526 Version info: Detection data 5.08G
2015-01-13 21:37:06.526 Version info: Build date 11/11/2014
2015-01-13 21:37:06.526 Version info: Data files added 563
2015-01-13 21:37:06.527 Version info: Last successful update 13/01/2015 12:21:35 AM
2015-01-13 21:37:26.316 Downloading updates...
2015-01-13 21:37:26.320 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-13 21:37:26.320 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-13 21:37:26.320 Update progress: [I19463] Syncing product IDE509 177
2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE510 179
2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE511 170
2015-01-13 21:37:26.819 Update progress: [I19463] Syncing product IDE512 47
2015-01-13 21:37:27.242 Installing updates...
2015-01-13 21:37:28.245 Error level 1
2015-01-13 21:37:29.136 Update progress: [I19463] Syncing product IDE513 1
2015-01-13 21:37:29.278 Update successful
2015-01-13 21:38:04.383 Option all = no
2015-01-13 21:38:04.383 Option recurse = yes
2015-01-13 21:38:04.383 Option archive = no
2015-01-13 21:38:04.383 Option service = yes
2015-01-13 21:38:04.383 Option confirm = yes
2015-01-13 21:38:04.384 Option sxl = yes
2015-01-13 21:38:04.387 Option max-data-age = 35
2015-01-13 21:38:04.387 Option EnableSafeClean = yes
2015-01-13 21:38:04.506 Option vdl-logging = yes
2015-01-13 21:38:04.512 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-13 21:38:04.512 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-13 21:38:04.515 Component SVRTcli.exe version 2.5.4
2015-01-13 21:38:04.515 Component control.dll version 2.5.4
2015-01-13 21:38:04.516 Component SVRTservice.exe version 2.5.4
2015-01-13 21:38:04.517 Component engine\osdp.dll version 1.44.1.2183
2015-01-13 21:38:04.518 Component engine\veex.dll version 3.58.3.2183
2015-01-13 21:38:04.519 Component engine\savi.dll version 8.1.5.2183
2015-01-13 21:38:04.520 Component rkdisk.dll version 1.5.30.0
2015-01-13 21:38:04.520 Version info: Product version 2.5.4
2015-01-13 21:38:04.522 Version info: Detection engine 3.58.3
2015-01-13 21:38:04.522 Version info: Detection data 5.08G
2015-01-13 21:38:04.523 Version info: Build date 11/11/2014
2015-01-13 21:38:04.523 Version info: Data files added 568
2015-01-13 21:38:04.523 Version info: Last successful update 13/01/2015 4:37:29 PM

2015-01-13 22:08:21.717 Could not open C:\Boot\BCD
2015-01-13 22:11:29.877 Password protected file C:\chronicles\TDC.xls
2015-01-13 22:12:01.616 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
2015-01-13 22:12:37.053 Could not open C:\hiberfil.sys
2015-01-13 22:14:40.963 Could not open C:\pagefile.sys
2015-01-13 22:30:10.753 Could not open C:\System Volume Information\{0d9e3dd4-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.754 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.755 Could not open C:\System Volume Information\{74b1e8c9-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.756 Could not open C:\System Volume Information\{9102854c-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.757 Could not open C:\System Volume Information\{a008377a-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.758 Could not open C:\System Volume Information\{a0083784-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.759 Could not open C:\System Volume Information\{add74d06-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.760 Could not open C:\System Volume Information\{f13742b9-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:30:10.760 Could not open C:\System Volume Information\{f13742ff-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 22:56:50.965 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-13 22:56:50.968 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-13 22:56:58.264 Could not open C:\Windows\System32\config\COMPONENTS
2015-01-13 22:56:58.494 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-01-13 22:56:58.497 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-13 22:56:58.501 Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-13 22:56:58.504 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-13 22:56:58.507 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-13 22:56:58.510 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-13 23:21:56.140 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.165 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.166 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.166 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.167 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.168 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:21:56.169 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-13 23:25:13.832 SafeClean bin directory is empty.
2015-01-13 23:25:15.403 Error level 0

2015-01-14 00:12:25.045 Scan completed.
2015-01-14 00:12:25.045

------------------------------------------------------------

2015-01-14 21:44:01.544 Sophos Virus Removal Tool version 2.5.4
2015-01-14 21:44:01.545 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-14 21:44:01.545 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-14 21:44:01.545 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
2015-01-14 21:44:01.548 Checking for updates...
2015-01-14 21:44:15.815 Update progress: proxy server not available
2015-01-14 21:44:51.765 Downloading updates...
2015-01-14 21:44:51.939 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-14 21:44:51.940 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-14 21:44:51.940 Update progress: [I19463] Syncing product IDE509 177
2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE510 179
2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE511 170
2015-01-14 21:45:12.539 Update progress: [I19463] Syncing product IDE512 53
2015-01-14 21:45:13.731 Installing updates...
2015-01-14 21:45:38.238 Option all = no
2015-01-14 21:45:41.239 Option recurse = yes
2015-01-14 21:45:41.239 Option archive = no
2015-01-14 21:45:41.239 Option service = yes
2015-01-14 21:45:41.239 Option confirm = yes
2015-01-14 21:45:41.240 Option sxl = yes
2015-01-14 21:45:41.240 Option max-data-age = 35
2015-01-14 21:45:41.240 Option EnableSafeClean = yes
2015-01-14 21:45:41.240 Option vdl-logging = yes
2015-01-14 21:45:41.240 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-14 21:45:41.240 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-14 21:45:41.240 Component SVRTcli.exe version 2.5.4
2015-01-14 21:45:41.240 Component control.dll version 2.5.4
2015-01-14 21:45:41.240 Component SVRTservice.exe version 2.5.4
2015-01-14 21:45:41.240 Component engine\osdp.dll version 1.44.1.2183
2015-01-14 21:45:41.240 Component engine\veex.dll version 3.58.3.2183
2015-01-14 21:45:41.241 Component engine\savi.dll version 8.1.5.2183
2015-01-14 21:45:41.241 Component rkdisk.dll version 1.5.30.0
2015-01-14 21:45:41.276 Version info: Product version 2.5.4
2015-01-14 21:45:41.276 Version info: Detection engine 3.58.3
2015-01-14 21:45:41.276 Version info: Detection data 5.08G
2015-01-14 21:45:41.276 Version info: Build date 11/11/2014
2015-01-14 21:45:41.276 Version info: Data files added 568
2015-01-14 21:45:41.276 Version info: Last successful update 13/01/2015 4:37:29 PM
2015-01-14 21:45:41.277 Error level 1
2015-01-14 21:45:43.828 Update progress: [I19463] Syncing product IDE513 1
2015-01-14 21:45:44.174 Update successful
2015-01-14 21:46:47.358 Option all = no
2015-01-14 21:46:47.358 Option recurse = yes
2015-01-14 21:46:47.358 Option archive = no
2015-01-14 21:46:47.358 Option service = yes
2015-01-14 21:46:47.358 Option confirm = yes
2015-01-14 21:46:47.358 Option sxl = yes
2015-01-14 21:46:47.368 Option max-data-age = 35
2015-01-14 21:46:47.368 Option EnableSafeClean = yes
2015-01-14 21:46:47.969 Option vdl-logging = yes
2015-01-14 21:46:48.107 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-14 21:46:48.107 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-14 21:46:48.301 Component SVRTcli.exe version 2.5.4
2015-01-14 21:46:48.303 Component control.dll version 2.5.4
2015-01-14 21:46:48.303 Component SVRTservice.exe version 2.5.4
2015-01-14 21:46:48.304 Component engine\osdp.dll version 1.44.1.2183
2015-01-14 21:46:48.306 Component engine\veex.dll version 3.58.3.2183
2015-01-14 21:46:48.306 Component engine\savi.dll version 8.1.5.2183
2015-01-14 21:46:48.364 Component rkdisk.dll version 1.5.30.0
2015-01-14 21:46:48.364 Version info: Product version 2.5.4
2015-01-14 21:46:48.364 Version info: Detection engine 3.58.3
2015-01-14 21:46:48.364 Version info: Detection data 5.08G
2015-01-14 21:46:48.364 Version info: Build date 11/11/2014
2015-01-14 21:46:48.364 Version info: Data files added 574
2015-01-14 21:46:48.364 Version info: Last successful update 14/01/2015 4:45:44 PM

2015-01-14 23:09:33.904 Could not open C:\Boot\BCD
2015-01-14 23:14:16.790 Password protected file C:\chronicles\TDC.xls
2015-01-14 23:14:54.508 Could not check C:\Guelph\cross res\040624benomyl.xls (corrupt)
2015-01-14 23:15:42.412 Could not open C:\hiberfil.sys
2015-01-14 23:18:38.318 Could not open C:\pagefile.sys
2015-01-14 23:36:14.418 Could not open C:\System Volume Information\{0d9e3dd4-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.419 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.419 Could not open C:\System Volume Information\{74b1e8c9-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.420 Could not open C:\System Volume Information\{9102854c-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.421 Could not open C:\System Volume Information\{a008377a-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.425 Could not open C:\System Volume Information\{a0083784-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.426 Could not open C:\System Volume Information\{add74d06-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.427 Could not open C:\System Volume Information\{f13742b9-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:36:14.428 Could not open C:\System Volume Information\{f13742ff-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-14 23:59:04.062 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-01-14 23:59:04.064 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-01-14 23:59:10.898 Could not open C:\Windows\System32\config\COMPONENTS
2015-01-14 23:59:10.929 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2015-01-14 23:59:10.932 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-01-14 23:59:10.934 Could not open C:\Windows\System32\config\RegBack\SAM
2015-01-14 23:59:10.937 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-01-14 23:59:10.940 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-01-14 23:59:10.942 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-01-15 00:20:32.055 Could not open D:\System Volume Information\{027c9251-313d-11e4-b61c-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.056 Could not open D:\System Volume Information\{0d9e3dd5-893d-11e4-b313-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.056 Could not open D:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.057 Could not open D:\System Volume Information\{3bffb200-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.058 Could not open D:\System Volume Information\{3bffb222-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.059 Could not open D:\System Volume Information\{3bffb22c-f4ed-11e3-9ba8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.059 Could not open D:\System Volume Information\{5de6da70-2fe8-11e4-9f38-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.060 Could not open D:\System Volume Information\{74b1e8ca-8890-11e4-b227-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.061 Could not open D:\System Volume Information\{8458c92f-fa2d-11e3-bb33-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.062 Could not open D:\System Volume Information\{9102854d-99d0-11e4-a4b3-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.063 Could not open D:\System Volume Information\{a008377b-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.063 Could not open D:\System Volume Information\{a0083785-984d-11e4-b490-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.064 Could not open D:\System Volume Information\{add74d07-9adf-11e4-b4ca-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.065 Could not open D:\System Volume Information\{f13742ba-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.066 Could not open D:\System Volume Information\{f1374300-8d3c-11e4-9491-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:20:32.067 Could not open D:\System Volume Information\{f7a60dd4-3791-11e4-b3a8-001b38ad7e35}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-01-15 00:23:44.005 SafeClean bin directory is empty.
2015-01-15 00:23:51.441 Error level 0

2015-01-15 00:34:01.532 Scan completed.
2015-01-15 00:34:01.532

------------------------------------------------------------

2015-01-16 20:52:49.194 Sophos Virus Removal Tool version 2.5.4
2015-01-16 20:52:49.195 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-01-16 20:52:49.195 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-01-16 20:52:49.195 Windows version 6.0 SP 0.0 build 6000 SM=0x300 PT=0x1 Win32
2015-01-16 20:52:49.197 Checking for updates...
2015-01-16 20:53:02.981 Update progress: proxy server not available
2015-01-16 20:53:38.119 Downloading updates...
2015-01-16 20:53:38.131 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE509 LATEST
2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE510 LATEST
2015-01-16 20:53:38.131 Update progress: [I49502] Found supplement IDE511 LATEST
2015-01-16 20:53:38.132 Update progress: [I49502] Found supplement IDE512 LATEST
2015-01-16 20:53:38.132 Update progress: [I49502] Found supplement IDE513 LATEST
2015-01-16 20:53:38.132 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-01-16 20:53:38.132 Update progress: [I19463] Syncing product SAVIW32 48
2015-01-16 20:53:47.457 Update progress: [I19463] Syncing product IDE509 177
2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE510 179
2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE511 170
2015-01-16 20:54:08.968 Update progress: [I19463] Syncing product IDE512 67
2015-01-16 20:54:10.023 Installing updates...
2015-01-16 20:54:34.253 Option all = no
2015-01-16 20:54:35.653 Option recurse = yes
2015-01-16 20:54:35.653 Option archive = no
2015-01-16 20:54:35.653 Option service = yes
2015-01-16 20:54:35.654 Option confirm = yes
2015-01-16 20:54:35.654 Option sxl = yes
2015-01-16 20:54:35.654 Option max-data-age = 35
2015-01-16 20:54:35.654 Option EnableSafeClean = yes
2015-01-16 20:54:35.654 Option vdl-logging = yes
2015-01-16 20:54:35.654 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-16 20:54:35.654 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-16 20:54:35.654 Component SVRTcli.exe version 2.5.4
2015-01-16 20:54:35.654 Component control.dll version 2.5.4
2015-01-16 20:54:35.654 Component SVRTservice.exe version 2.5.4
2015-01-16 20:54:35.654 Component engine\osdp.dll version 1.44.1.2183
2015-01-16 20:54:35.654 Component engine\veex.dll version 3.58.3.2183
2015-01-16 20:54:35.655 Component engine\savi.dll version 8.1.5.2183
2015-01-16 20:54:35.655 Component rkdisk.dll version 1.5.30.0
2015-01-16 20:54:35.655 Version info: Product version 2.5.4
2015-01-16 20:54:35.655 Version info: Detection engine 3.58.3
2015-01-16 20:54:35.655 Version info: Detection data 5.08G
2015-01-16 20:54:35.655 Version info: Build date 11/11/2014
2015-01-16 20:54:35.655 Version info: Data files added 574
2015-01-16 20:54:35.655 Version info: Last successful update 14/01/2015 4:45:44 PM
2015-01-16 20:54:35.655 Error level 1
2015-01-16 20:54:36.534 Update progress: [I19463] Syncing product IDE513 1
2015-01-16 20:54:36.851 Update successful
2015-01-16 20:54:56.484 Option all = no
2015-01-16 20:54:56.484 Option recurse = yes
2015-01-16 20:54:56.484 Option archive = no
2015-01-16 20:54:56.484 Option service = yes
2015-01-16 20:54:56.484 Option confirm = yes
2015-01-16 20:54:56.484 Option sxl = yes
2015-01-16 20:54:56.488 Option max-data-age = 35
2015-01-16 20:54:56.488 Option EnableSafeClean = yes
2015-01-16 20:54:56.706 Option vdl-logging = yes
2015-01-16 20:54:56.728 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-01-16 20:54:56.728 Machine ID: 709824a2a2974de5a5b49b1cc3e4e202
2015-01-16 20:54:56.732 Component SVRTcli.exe version 2.5.4
2015-01-16 20:54:56.733 Component control.dll version 2.5.4
2015-01-16 20:54:56.734 Component SVRTservice.exe version 2.5.4
2015-01-16 20:54:56.736 Component engine\osdp.dll version 1.44.1.2183
2015-01-16 20:54:56.738 Component engine\veex.dll version 3.58.3.2183
2015-01-16 20:54:56.739 Component engine\savi.dll version 8.1.5.2183
2015-01-16 20:54:56.742 Component rkdisk.dll version 1.5.30.0
2015-01-16 20:54:56.742 Version info: Product version 2.5.4
2015-01-16 20:54:56.745 Version info: Detection engine 3.58.3
2015-01-16 20:54:56.745 Version info: Detection data 5.08G
2015-01-16 20:54:56.745 Version info: Build date 11/11/2014
2015-01-16 20:54:56.745 Version info: Data files added 588
2015-01-16 20:54:56.745 Version info: Last successful update 16/01/2015 3:54:36 PM

Rakshata · Jan 16, 2015

I had actually put RogueKiller in my Downloads folder. Should I move it to Desktop before running Delfix?
Did I have any trojans, rootkits or bootkits?

Broni · Jan 16, 2015

Should I move it to Desktop before running Delfix?
Yes.
Did I have any trojans, rootkits or bootkits?
No.

Broni · Jan 20, 2015

The issue seems to be resolved.

Rakshata · Jan 20, 2015

Thanks for your help, Broni. Please check your PayPal account.

Solved Malwarebytes found PUPs

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 31 +0

Posts: 56,041 +517

Attachments

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 56,041 +517

Posts: 31 +0

Posts: 31 +0

Posts: 56,041 +517

Posts: 56,041 +517

Posts: 31 +0

Similar threads