Solved Pop up asking for money for computer fix

C

cableman

Posts: 274   +0
The popups were getting bad asking for money to fix the computer but they seem to have gone away now but I want to be sure. Here are the first logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Michael Rhyne (administrator) on MICHAELRHYNE-PC on 26-06-2015 03:46:07
Running from C:\Users\Michael Rhyne\Desktop
Loaded Profiles: Michael Rhyne (Available Profiles: Michael Rhyne & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [3453440 2010-07-27] (Alcatel-Lucent)
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-04] (Google Inc.)
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-08-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 [2011-08-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-23] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web...3i_SP,205,0_0,StartPage,20140103,20031,0,85,0
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20140103,20028,0,85,0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-23] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-23] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-23] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23] (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.157.15

FireFox:
========
FF ProfilePath: C:\Users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF Homepage: hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20140103,20031,0,85,0
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-23] (Avast Software s.r.o.)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] () [File not signed]
R2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S4 cqmghost; %systemroot%\system32\cicsclient.dll [X]
S4 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-06-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-23] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-06-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-23] ()
S1 Beep; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [116584 2007-12-16] (Wasay) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 03:46 - 2015-06-26 03:46 - 00016853 _____ C:\Users\Michael Rhyne\Desktop\FRST.txt
2015-06-26 03:30 - 2015-06-26 03:46 - 00000000 ____D C:\FRST
2015-06-26 03:25 - 2015-06-26 03:25 - 02112512 _____ (Farbar) C:\Users\Michael Rhyne\Desktop\FRST64.exe
2015-06-24 10:30 - 2015-06-24 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-24 08:12 - 2015-06-26 03:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 08:12 - 2015-06-24 09:05 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 07:33 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-24 07:33 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-24 07:33 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-24 07:33 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-24 07:33 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-24 07:33 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-24 07:33 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-24 07:33 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-24 07:33 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-24 07:33 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-24 07:32 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-24 07:32 - 2015-02-19 21:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-24 07:32 - 2015-02-19 20:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-24 07:32 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-24 07:31 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-06-24 07:31 - 2014-10-12 20:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-24 07:31 - 2014-06-02 17:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-24 07:31 - 2014-06-02 17:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-24 07:31 - 2014-06-02 17:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-24 07:31 - 2014-06-02 16:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-24 07:31 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-06-24 07:31 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-24 07:30 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-24 07:30 - 2014-12-07 21:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-24 07:23 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-24 07:23 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-24 07:22 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-24 07:22 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-24 07:20 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-24 07:20 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-24 07:20 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-24 07:20 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-24 07:20 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-24 07:20 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-24 07:20 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-24 07:20 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-24 07:20 - 2015-01-08 21:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-24 07:20 - 2015-01-08 20:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-24 07:08 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-24 07:08 - 2014-11-25 21:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-24 07:05 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-24 07:05 - 2015-01-28 21:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-24 07:04 - 2014-12-18 20:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-24 07:03 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-24 07:03 - 2015-01-20 21:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-24 06:57 - 2014-11-03 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-24 06:57 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-06-24 06:53 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-06-24 06:53 - 2014-08-11 22:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-24 06:44 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-24 06:44 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-06-24 06:44 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-06-24 06:44 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-06-24 06:44 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-24 06:44 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-24 06:43 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-24 06:43 - 2014-10-23 20:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-24 06:42 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-24 06:42 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-24 06:42 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-24 06:42 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-24 06:42 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-24 06:42 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-24 06:42 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-24 06:42 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-24 06:42 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-24 06:42 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-24 06:41 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-24 06:41 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-24 06:41 - 2015-01-15 02:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-24 06:41 - 2015-01-15 00:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-24 06:38 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-24 06:38 - 2015-02-17 21:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-24 06:34 - 2014-10-09 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-24 06:34 - 2014-10-09 21:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-24 06:34 - 2014-10-09 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-24 06:34 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-24 06:34 - 2014-10-09 19:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-24 06:34 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-24 06:33 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-24 06:16 - 2014-06-26 18:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-24 06:16 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-24 06:16 - 2014-06-26 18:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-24 06:16 - 2014-06-06 00:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-24 06:16 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-24 06:14 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-24 06:14 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-24 06:14 - 2014-10-02 21:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-24 06:14 - 2014-10-02 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-24 06:14 - 2014-10-02 21:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-24 06:14 - 2014-10-02 21:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-24 06:14 - 2014-10-02 21:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-24 06:14 - 2014-10-02 19:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2015-06-24 06:12 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-24 06:12 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-24 06:11 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-24 06:11 - 2015-01-28 21:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-24 06:10 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-24 06:10 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-24 06:10 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-24 06:07 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-06-24 06:07 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-06-24 06:07 - 2014-12-05 22:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-24 06:07 - 2014-12-05 22:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-24 06:06 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-24 06:06 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-06-24 06:06 - 2014-12-05 22:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-24 06:05 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-06-24 06:05 - 2014-10-23 20:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-24 06:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 06:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 06:03 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-24 06:03 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-24 06:03 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-06-24 06:03 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-24 06:03 - 2014-08-26 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-24 05:51 - 2014-06-13 20:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-24 05:51 - 2014-06-13 20:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-24 05:50 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-24 05:50 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-24 05:50 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-24 05:50 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-24 05:50 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-24 05:50 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-24 05:50 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-24 05:50 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-24 05:50 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-24 05:50 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-24 05:50 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-24 05:50 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-24 05:50 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-24 05:50 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-24 05:50 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-24 05:50 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-24 05:50 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-24 05:50 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-24 05:50 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-24 05:50 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-06-24 05:50 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-24 05:50 - 2014-04-26 14:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-24 05:50 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-06-24 05:50 - 2014-04-05 05:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-24 05:50 - 2014-03-10 02:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-24 05:50 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-06-24 05:47 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-23 10:16 - 2015-06-23 09:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-23 10:06 - 2015-06-23 10:07 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Michael Rhyne\Desktop\avast_free_antivirus_setup_online.exe
2015-06-23 09:55 - 2015-06-23 10:17 - 00001689 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-23 09:55 - 2015-06-23 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 09:55 - 2015-06-23 09:54 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-23 09:54 - 2015-06-23 09:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-22 05:51 - 2015-06-22 07:55 - 00009264 _____ C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 00000238 _____ C:\ProgramData\RUNDLL32.EXE-2276-F.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 03:24 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 03:24 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 03:05 - 2014-01-18 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-26 02:59 - 2010-09-04 00:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-26 02:51 - 2010-05-20 13:13 - 02044873 _____ C:\Windows\WindowsUpdate.log
2015-06-25 09:59 - 2010-09-04 00:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 09:05 - 2012-08-29 15:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 09:05 - 2012-08-29 15:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 08:13 - 2010-05-21 23:59 - 00000000 ____D C:\Users\Michael Rhyne\AppData\Local\Adobe
2015-06-24 08:13 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-06-24 08:01 - 2006-11-02 08:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 07:54 - 2010-05-20 10:40 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2015-06-24 07:54 - 2008-05-26 19:05 - 00000147 _____ C:\Windows\SysWOW64\agent.log
2015-06-24 07:54 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 07:54 - 2006-11-02 11:21 - 00305976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-24 07:53 - 2008-05-26 18:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-24 07:51 - 2006-11-02 11:42 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-24 07:50 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-06-24 07:50 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-24 07:30 - 2008-05-26 18:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 07:07 - 2014-04-22 00:18 - 00752894 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-24 06:32 - 2013-08-06 10:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-24 06:30 - 2010-09-04 00:43 - 00000000 ____D C:\Users\Michael Rhyne\AppData\Local\Google
2015-06-23 22:21 - 2014-01-19 05:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-23 14:33 - 2012-09-04 22:28 - 00118156 _____ C:\Windows\PFRO.log
2015-06-23 12:11 - 2014-06-01 23:19 - 00000000 ____D C:\ProgramData\DF2ABD904FC65DDDFC73261C24800F3B
2015-06-23 09:54 - 2014-01-19 05:55 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-06-23 09:54 - 2010-09-04 00:44 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-23 09:54 - 2010-09-04 00:44 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-22 20:59 - 2010-05-22 08:56 - 00020264 _____ C:\Windows\system32\spsys.log
2015-06-22 05:50 - 2012-09-10 15:36 - 00002508 _____ C:\Windows\setupact.log
2015-05-27 00:04 - 2006-11-02 08:35 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2014-02-13 19:14 - 2014-02-13 19:14 - 0000072 _____ () C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan
2011-08-13 00:20 - 2011-08-13 00:20 - 0020406 _____ () C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png
2014-01-14 12:37 - 2014-01-18 21:15 - 2250054 _____ () C:\Users\Michael Rhyne\AppData\Roaming\wincreen.bmp
2014-01-14 12:36 - 2014-01-14 12:37 - 0350795 _____ () C:\Users\Michael Rhyne\AppData\Roaming\wincreen.jpg
2011-07-15 15:32 - 2012-05-01 14:16 - 0000680 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat
2014-01-18 22:05 - 2014-01-18 22:05 - 0000732 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat
2010-05-22 14:27 - 2011-01-24 15:22 - 0005632 _____ () C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-11 13:51 - 2012-09-11 13:51 - 0459726 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0442446 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt
2012-09-11 13:51 - 2012-09-11 13:51 - 0018790 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0012514 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 0000238 _____ () C:\ProgramData\RUNDLL32.EXE-2276-F.txt
2014-06-01 23:33 - 2014-06-01 23:33 - 0000059 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-06-02 14:51 - 2014-06-02 15:04 - 0005843 _____ () C:\ProgramData\RUNDLL32.EXE-2512-F.txt
2015-06-22 05:51 - 2015-06-22 07:55 - 0009264 _____ () C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2014-06-01 23:34 - 2014-06-01 23:42 - 0002181 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-20 23:21 - 2014-07-20 23:23 - 0000736 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-06-01 23:28 - 2014-06-01 23:31 - 0000930 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-25 20:08

==================== End of log ==============
 
Second log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael Rhyne at 2015-06-26 03:47:26
Running from C:\Users\Michael Rhyne\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3895353837-3889349409-2203901922-500 - Administrator - Disabled)
Guest (S-1-5-21-3895353837-3889349409-2203901922-501 - Limited - Disabled)
Michael Rhyne (S-1-5-21-3895353837-3889349409-2203901922-1000 - Administrator - Enabled) => C:\Users\Michael Rhyne
UpdatusUser (S-1-5-21-3895353837-3889349409-2203901922-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM-x32\...\Acer Assist) (Version: - Acer Incorporated)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1705 - Acer Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.5.3034 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.5.3034 - Ares)
AT&T Service & Support Tool (HKLM-x32\...\ATT-SST) (Version: - )
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
AV Input Selection (HKLM-x32\...\{F429ED71-4A8B-457A-85E4-F6398CE73E58}) (Version: 1.02.0047 - YUAN)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000189 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.3.000189 - esobi Inc.) Hidden
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
Flip Words 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LimeWire 5.5.8 (HKLM-x32\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
Mah Jong Quest 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11519340}) (Version: - Oberon Media)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjong Match (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111177437}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

20-04-2014 17:22:32 Windows Update
22-04-2014 00:06:09 Windows Update
03-05-2014 21:24:49 Windows Update
10-05-2014 11:35:10 Windows Update
21-05-2014 12:04:24 Windows Update
23-05-2014 11:08:04 Windows Update
01-06-2014 00:54:29 Windows Update
22-06-2015 05:56:28 avast! antivirus system restore point
22-06-2015 23:37:06 Scheduled Checkpoint
23-06-2015 09:52:59 avast! antivirus system restore point
23-06-2015 10:08:42 avast! antivirus system restore point
23-06-2015 22:23:19 Scheduled Checkpoint
24-06-2015 05:44:59 Windows Update
24-06-2015 06:00:22 Windows Update
25-06-2015 06:00:17 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-19 05:43 - 2014-01-24 06:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {83753156-0218-4549-AED5-85AFEC06B869} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-23] (Avast Software s.r.o.)
Task: {BA21EA66-0B2A-4DDA-9BA3-E63F2265EDCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {BEF4C98D-ADBA-4499-8C05-298E1384A934} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {E359AD72-59A8-4A58-84DD-3803EAD84F2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {F6CFED48-5FFF-437A-B9B0-DC635EBCFB41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-05-26 18:32 - 2008-04-25 16:30 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-05-26 18:32 - 2008-05-26 18:32 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3008.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3008.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3008.0__3036420f80dd6947\Framework.Library.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3008.0__672b450de5a7e94a\Framework.Host.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3008.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3008.0__4df5dcab8860d239\Framework.Utility.dll
2008-04-26 00:36 - 2008-04-26 00:36 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-01-29 15:25 - 2008-01-29 15:25 - 00920064 _____ () C:\Program Files\bin32\nSvcAppFlt.exe
2008-01-29 15:17 - 2008-01-29 15:17 - 00115200 _____ () C:\Program Files\bin32\nv_common.dll
2008-01-29 15:18 - 2008-01-29 15:18 - 00610816 _____ () C:\Program Files\bin32\SpecialCase.dll
2008-01-29 15:24 - 2008-01-29 15:24 - 00193024 _____ () C:\Program Files\bin32\nSvcIp.exe
2008-04-26 00:36 - 2008-04-26 00:36 - 00028672 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2015-06-23 09:54 - 2015-06-23 09:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-23 09:54 - 2015-06-23 09:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-24 04:28 - 2015-06-24 04:28 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062401\algo.dll
2015-06-25 16:01 - 2015-06-25 16:01 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062501\algo.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 22:09 - 2007-06-24 22:09 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2008-04-28 12:49 - 2008-04-28 12:49 - 00002560 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-01-19 05:55 - 2015-06-23 09:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-24 08:12 - 2015-06-24 08:12 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 68.94.157.15

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmdAgent => C:\Windows\Temp\temp34.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9116E953-19EB-4B01-B1EF-7188E7B184A2}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe
FirewallRules: [{B4863068-5DE5-4E8E-A4B4-82110488F575}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe
FirewallRules: [{64A898C9-7530-452F-BC51-5DB3A1DFBD3A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe
FirewallRules: [{3461B6D2-9293-4C34-AE15-AABA22362199}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe
FirewallRules: [{456A9D77-2639-4E0E-B538-06FF57ECFF2A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe
FirewallRules: [{2A245EA7-E37A-4BD4-9CCB-54AD76C080B7}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe
FirewallRules: [{D7568E6B-C5AB-4636-92E3-376914315186}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe
FirewallRules: [{81EF9162-9073-4A36-A640-DC0C4F5EC07F}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE
FirewallRules: [{DAAB840A-8A75-4C87-B881-2EDF2854C8B6}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe
FirewallRules: [{8619E883-D7DF-45A8-9251-7BBD88E643DD}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{F2B6E7DB-68E2-4285-A7E3-3CB8F267B519}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{37030009-1063-41A2-A0EA-233F41219C9A}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{3A33ECF2-15E0-47BE-884A-88E708597117}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{9A55E7D7-DF99-4AF8-9110-EF64D7530F69}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{F4027B66-D2D4-4771-A76C-A03A9D20B54E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [TCP Query User{5D93677A-407D-47E8-9CDA-A27E037C7E21}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{7F25601E-CA9D-4758-A92F-CF2B363120CE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{2A7ED3EE-7E30-4CA6-84AD-1A2DFB1F78B5}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{036A9ABB-0217-44D4-8BD1-312375290EAA}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{2B7693A1-7CD3-4DCC-9605-CCC8EA9B4096}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{96B7EF68-3801-406C-B648-9174FD1D9CA5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CE7DBC46-2212-4B87-B017-14B862249740}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{D0CD1E38-DF2E-4F08-BBA4-74BB73BE8F30}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{11D3E8E0-3FCD-4D90-868B-A609166D4E9E}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A7AE91F8-240E-48D3-8F4C-EA20C65ACCAF}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{4645BAD2-FEC7-43F7-8CB1-2BBE1B4FC646}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A2B7B23A-EE98-4AA1-986A-7FCE969A294A}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{E3125AC6-2736-459A-9EFB-E29245162536}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{D8EC047E-200E-40EE-BD84-F66D6DEA9004}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{0504DE72-2961-468B-AF7F-42B7B13C59F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16E9FB3F-5338-400D-A4DE-7C4FBBFCAD82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2F7D65B1-6678-4C54-9082-3B5893B6F742}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{5F942031-9D0F-4FD0-A6A3-90A00098F1A4}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [TCP Query User{4EDEFF5F-C892-4041-8835-5A9B169E588D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{55FA6819-C348-40B3-971F-985511047F28}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F4AF05D7-1149-45D4-B70E-B9FEB115FACE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5C75C7B-154B-4B90-917D-CF3B422E052C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{350156ED-44F7-4780-99F2-6F9239AC2F93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{935A4F37-DD84-4CF7-A876-DE94F5855B43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88AB57B6-32C5-4444-9AE4-948C3517360E}] => (Allow) LPort=80
FirewallRules: [{107E9EE2-7D20-4338-8E14-B5D39C4F643D}] => (Allow) LPort=80
FirewallRules: [{C0C80D1A-7F0A-4E08-897F-44FD9016A49F}] => (Allow) LPort=80
FirewallRules: [{B5E55BFA-752E-44F4-82D2-3E0078A9A787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{52CDB7B6-6621-4BDB-9FA0-EB5BE4CE8399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{6FE8E904-6A00-4337-AF14-F23E72F2F455}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{2812A691-561A-4B39-9345-94E94B1DCD6E}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{9412895B-A3F7-4292-8D3E-7C5FAB11688B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{20EAB365-07AB-4E25-B548-9A7A92123096}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8F5B9A8-DFF0-40C5-B211-2527069E4317}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 07:54:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 06:32:35 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: PolicyAgent

Error: (06/24/2015 06:32:35 AM) (Source: Perflib) (EventID: 1005) (User: )
Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent8

Error: (06/24/2015 06:32:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8

Error: (06/24/2015 06:32:34 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll8

Error: (06/23/2015 02:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 10:23:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 10:01:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 09:00:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 07:54:48 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).


System errors:
=============
Error: (06/24/2015 08:03:50 AM) (Source: nvstor64) (EventID: 5) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (06/24/2015 07:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (06/24/2015 07:57:37 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (06/24/2015 07:54:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (06/24/2015 07:30:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (06/24/2015 07:30:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (06/24/2015 07:25:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (06/24/2015 07:25:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (06/24/2015 07:19:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (06/24/2015 07:19:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-01-24 23:06:38.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:37.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:37.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:37.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:36.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:36.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:36.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:36.035
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:35.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-01-24 23:06:35.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4050e
Percentage of memory in use: 76%
Total physical RAM: 3837.62 MB
Available physical RAM: 885.93 MB
Total Pagefile: 10082.19 MB
Available Pagefile: 1229.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:75.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.18 GB) (Free:89.53 GB) NTFS
Drive e: (MRI5.7.0) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9BAC3398)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=139.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.2 GB) - (Type=07 NTFS)

==================== End of log ===================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================

You're still infected.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue killer RKreport could not be found. Had yo rescan to get it back. Here are the results:


ogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Michael Rhyne [Administrator]
Started from : C:\Users\Michael Rhyne\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/28/2015 04:07:49

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetworkLog (C:\Windows\svcs.exe) -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://en.us.acer.yahoo.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://us.yhs4.search.yahoo.com/web...3i_SP,205,0_0,StartPage,20140103,20031,0,85,0 -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://us.yhs4.search.yahoo.com/web...3i_SP,205,0_0,StartPage,20140103,20031,0,85,0 -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://en.us.acer.yahoo.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 68.94.157.15 [-][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 68.94.157.15 [-][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{547DF1B0-2C60-4DE6-8DFF-F152176FF743} | DhcpNameServer : 192.168.0.1 68.94.157.15 [-][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{547DF1B0-2C60-4DE6-8DFF-F152176FF743} | DhcpNameServer : 10.0.0.1 [X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{547DF1B0-2C60-4DE6-8DFF-F152176FF743} | DhcpNameServer : 192.168.0.1 68.94.157.15 [-][X] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zsv8fchc.default : user_pref("browser.startup.homepage", "http://us.yhs4.search.yahoo.com/web...3i_SP,205,0_0,StartPage,20140103,20031,0,85,0"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 377bba3c33ed54dca9aba65596314a7e
[BSP] 2c269e3cc317857ffaaca7e7f337de22 : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18944 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 38799360 | Size: 142755 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 331161642 | Size: 143542 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
--- User ---
[MBR] 255d8e96b889ba004e5334ef773d045c
[BSP] 424e620ef8097261396985291b84c35d : Legit.Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 247 | Size: 973 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_06272015_041519.log - RKreport_SCN_06272015_155615.log - RKreport_DEL_06272015_160102.log - RKreport_DEL_06272015_190511.log
RKreport_SCN_06282015_040628.log
 
Here is the MBAM text log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/27/2015
Scan Time: 7:10:24 PM
Logfile: mbamexportlog.txt
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2015.06.27.06
Rootkit Database: v2015.06.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Michael Rhyne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401510
Time Elapsed: 21 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Here is the adwcleaner lpg:

# AdwCleaner v4.207 - Logfile created 28/06/2015 at 04:53:01
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Michael Rhyne - MICHAELRHYNE-PC
# Running from : C:\Users\Michael Rhyne\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Yahoo! Companion
[!] Folder Deleted : C:\ProgramData\Winferno
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winferno
[!] Folder Deleted : C:\Program Files (x86)\FileAssociationManager
[!] Folder Deleted : C:\Program Files (x86)\Winferno
[!] Folder Deleted : C:\Users\Michael Rhyne\AppData\LocalLow\Yahoo! Companion
[!] Folder Deleted : C:\Users\Michael Rhyne\AppData\Roaming\FileAssociationManager
File Deleted : C:\Users\Public\Desktop\Check PC for Errors.lnk
File Deleted : C:\Windows\SysWOW64\WinCMR.dll

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Winferno
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[zsv8fchc.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20140103,20031,0,85,0");

*************************

AdwCleaner[R0].txt - [15444 bytes] - [24/01/2014 23:36:06]
AdwCleaner[R1].txt - [3659 bytes] - [28/06/2015 04:29:58]
AdwCleaner[S0].txt - [13148 bytes] - [24/01/2014 23:40:18]
AdwCleaner[S1].txt - [3152 bytes] - [28/06/2015 04:53:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3211 bytes] ##########
 
JRT log:



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/28/2015 at 6:52:29.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Made some comment about a problem with backup
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Computer seems to be running properly. Combofix ran without any problems. Here is the log:

ComboFix 15-06-30.01 - Michael Rhyne 07/01/2015 11:08:33.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2070 [GMT -4:00]
Running from: c:\users\Michael Rhyne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-01 to 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 01:22 . 2015-07-01 01:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\offreg.2808.dll
2015-07-01 01:02 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\mpengine.dll
2015-06-28 10:46 . 2015-06-28 10:46 -------- d-----w- C:\RegBackup
2015-06-27 20:16 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-27 20:16 . 2015-06-27 20:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-27 08:13 . 2015-06-28 07:57 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-27 08:13 . 2015-06-27 23:06 -------- d-----w- c:\programdata\RogueKiller
2015-06-26 07:30 . 2015-06-26 07:49 -------- d-----w- C:\FRST
2015-06-24 11:32 . 2015-02-20 02:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-06-24 11:32 . 2015-02-20 01:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-06-24 11:32 . 2015-02-20 00:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-24 11:32 . 2015-02-20 00:28 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-06-24 11:31 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-06-24 11:31 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-06-24 11:31 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-06-24 11:31 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-24 11:31 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-24 11:31 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-24 11:31 . 2014-10-13 00:56 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-24 11:31 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-06-24 11:30 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-06-24 11:30 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-06-24 11:23 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-24 11:23 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-06-24 11:22 . 2015-05-08 23:01 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-06-24 11:08 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-06-24 11:08 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-06-24 11:05 . 2015-01-29 01:33 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-06-24 11:05 . 2015-01-29 01:35 975360 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-06-24 11:04 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-06-24 11:03 . 2015-01-21 02:02 807936 ----a-w- c:\windows\SysWow64\msctf.dll
2015-06-24 11:03 . 2015-01-21 01:42 1040896 ----a-w- c:\windows\system32\msctf.dll
2015-06-24 10:57 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-06-24 10:57 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-06-24 10:53 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-06-24 10:53 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-06-24 10:52 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:52 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-06-24 10:52 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-06-24 10:52 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-06-24 10:52 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-06-24 10:52 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:44 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-06-24 10:44 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-06-24 10:44 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-06-24 10:44 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-06-24 10:44 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-06-24 10:44 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-06-24 10:43 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-24 10:43 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-06-24 10:41 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-24 10:41 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-24 10:41 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-06-24 10:41 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-24 10:38 . 2015-02-18 01:42 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-06-24 10:34 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-06-24 10:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-06-24 10:34 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-06-24 10:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-06-24 10:34 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-06-24 10:34 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-06-24 10:33 . 2015-05-21 14:36 2795520 ----a-w- c:\windows\system32\win32k.sys
2015-06-24 10:16 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-06-24 10:16 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-06-24 10:16 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-06-24 10:16 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-06-24 10:14 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-06-24 10:14 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-06-24 10:14 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-06-24 10:14 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-06-24 10:12 . 2015-04-24 15:41 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-24 10:12 . 2015-04-24 15:54 532480 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-24 10:11 . 2015-01-29 01:35 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-24 10:11 . 2015-01-29 01:33 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-24 10:10 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-24 10:10 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-06-24 10:10 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-24 10:07 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-06-24 10:07 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-06-24 10:06 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-06-24 10:06 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-06-24 10:06 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-06-24 10:05 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-06-24 10:05 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-06-24 10:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:03 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-24 10:03 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-24 10:03 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-24 10:03 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-06-24 10:03 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-06-24 09:51 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-06-24 09:51 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-06-24 09:51 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-06-24 09:51 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-06-24 09:51 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-06-24 09:51 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-06-24 09:47 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-06-23 14:16 . 2015-06-23 13:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-23 13:55 . 2015-06-23 13:54 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-23 13:54 . 2015-06-23 13:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 08:55 . 2014-01-21 01:01 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 14:22 . 2014-01-19 09:55 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-24 13:05 . 2012-08-29 19:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 13:05 . 2012-08-29 19:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 13:54 . 2014-01-19 09:55 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-23 13:54 . 2014-01-19 09:55 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-06-23 13:54 . 2014-01-19 09:55 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-23 13:54 . 2014-01-19 09:55 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-23 13:54 . 2014-01-19 09:55 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-06-23 13:54 . 2014-01-19 09:55 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-27 04:04 . 2006-11-02 12:35 140135120 ----a-w- c:\windows\system32\mrt.exe
2015-04-14 13:37 . 2014-01-21 00:59 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2011-01-28 19:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-23 5515496]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-8-13 1145]
OneNote Table Of Contents.onetoc2 [2011-8-13 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 13:05]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-23 13:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 68.94.157.15
FF - ProfilePath - c:\users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FileAssociationManager - c:\program files (x86)\FileAssociationManager\uninstall-fam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-07-01 11:22:52
ComboFix-quarantined-files.txt 2015-07-01 15:22
.
Pre-Run: 83,674,009,600 bytes free
Post-Run: 83,496,325,120 bytes free
.
- - End Of File - - 1C79B71671895808B4FD882205841B33
4C1C466E0D9E7B73AD314F6E31C2964F
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Here is the first text log:

ComboFix 15-06-30.01 - Michael Rhyne 07/01/2015 11:08:33.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2070 [GMT -4:00]
Running from: c:\users\Michael Rhyne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-01 to 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 01:22 . 2015-07-01 01:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\offreg.2808.dll
2015-07-01 01:02 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\mpengine.dll
2015-06-28 10:46 . 2015-06-28 10:46 -------- d-----w- C:\RegBackup
2015-06-27 20:16 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-27 20:16 . 2015-06-27 20:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-27 08:13 . 2015-06-28 07:57 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-27 08:13 . 2015-06-27 23:06 -------- d-----w- c:\programdata\RogueKiller
2015-06-26 07:30 . 2015-06-26 07:49 -------- d-----w- C:\FRST
2015-06-24 11:32 . 2015-02-20 02:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-06-24 11:32 . 2015-02-20 01:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-06-24 11:32 . 2015-02-20 00:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-24 11:32 . 2015-02-20 00:28 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-06-24 11:31 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-06-24 11:31 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-06-24 11:31 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-06-24 11:31 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-24 11:31 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-24 11:31 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-24 11:31 . 2014-10-13 00:56 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-24 11:31 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-06-24 11:30 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-06-24 11:30 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-06-24 11:23 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-24 11:23 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-06-24 11:22 . 2015-05-08 23:01 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-06-24 11:08 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-06-24 11:08 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-06-24 11:05 . 2015-01-29 01:33 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-06-24 11:05 . 2015-01-29 01:35 975360 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-06-24 11:04 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-06-24 11:03 . 2015-01-21 02:02 807936 ----a-w- c:\windows\SysWow64\msctf.dll
2015-06-24 11:03 . 2015-01-21 01:42 1040896 ----a-w- c:\windows\system32\msctf.dll
2015-06-24 10:57 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-06-24 10:57 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-06-24 10:53 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-06-24 10:53 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-06-24 10:52 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:52 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-06-24 10:52 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-06-24 10:52 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-06-24 10:52 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-06-24 10:52 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:44 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-06-24 10:44 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-06-24 10:44 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-06-24 10:44 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-06-24 10:44 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-06-24 10:44 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-06-24 10:43 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-24 10:43 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-06-24 10:41 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-24 10:41 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-24 10:41 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-06-24 10:41 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-24 10:38 . 2015-02-18 01:42 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-06-24 10:34 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-06-24 10:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-06-24 10:34 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-06-24 10:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-06-24 10:34 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-06-24 10:34 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-06-24 10:33 . 2015-05-21 14:36 2795520 ----a-w- c:\windows\system32\win32k.sys
2015-06-24 10:16 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-06-24 10:16 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-06-24 10:16 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-06-24 10:16 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-06-24 10:14 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-06-24 10:14 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-06-24 10:14 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-06-24 10:14 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-06-24 10:12 . 2015-04-24 15:41 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-24 10:12 . 2015-04-24 15:54 532480 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-24 10:11 . 2015-01-29 01:35 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-24 10:11 . 2015-01-29 01:33 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-24 10:10 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-24 10:10 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-06-24 10:10 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-24 10:07 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-06-24 10:07 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-06-24 10:06 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-06-24 10:06 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-06-24 10:06 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-06-24 10:05 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-06-24 10:05 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-06-24 10:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:03 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-24 10:03 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-24 10:03 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-24 10:03 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-06-24 10:03 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-06-24 09:51 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-06-24 09:51 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-06-24 09:51 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-06-24 09:51 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-06-24 09:51 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-06-24 09:51 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-06-24 09:47 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-06-23 14:16 . 2015-06-23 13:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-23 13:55 . 2015-06-23 13:54 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-23 13:54 . 2015-06-23 13:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 08:55 . 2014-01-21 01:01 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 14:22 . 2014-01-19 09:55 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-24 13:05 . 2012-08-29 19:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 13:05 . 2012-08-29 19:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 13:54 . 2014-01-19 09:55 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-23 13:54 . 2014-01-19 09:55 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-06-23 13:54 . 2014-01-19 09:55 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-23 13:54 . 2014-01-19 09:55 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-23 13:54 . 2014-01-19 09:55 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-06-23 13:54 . 2014-01-19 09:55 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-27 04:04 . 2006-11-02 12:35 140135120 ----a-w- c:\windows\system32\mrt.exe
2015-04-14 13:37 . 2014-01-21 00:59 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2011-01-28 19:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-23 5515496]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-8-13 1145]
OneNote Table Of Contents.onetoc2 [2011-8-13 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 13:05]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-23 13:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 68.94.157.15
FF - ProfilePath - c:\users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FileAssociationManager - c:\program files (x86)\FileAssociationManager\uninstall-fam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-07-01 11:22:52
ComboFix-quarantined-files.txt 2015-07-01 15:22
.
Pre-Run: 83,674,009,600 bytes free
Post-Run: 83,496,325,120 bytes free
.
- - End Of File - - 1C79B71671895808B4FD882205841B33
4C1C466E0D9E7B73AD314F6E31C2964F
 
Additional Farber Recovery Scan Text:

ComboFix 15-06-30.01 - Michael Rhyne 07/01/2015 11:08:33.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2070 [GMT -4:00]
Running from: c:\users\Michael Rhyne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-01 to 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 01:22 . 2015-07-01 01:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\offreg.2808.dll
2015-07-01 01:02 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\mpengine.dll
2015-06-28 10:46 . 2015-06-28 10:46 -------- d-----w- C:\RegBackup
2015-06-27 20:16 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-27 20:16 . 2015-06-27 20:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-27 08:13 . 2015-06-28 07:57 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-27 08:13 . 2015-06-27 23:06 -------- d-----w- c:\programdata\RogueKiller
2015-06-26 07:30 . 2015-06-26 07:49 -------- d-----w- C:\FRST
2015-06-24 11:32 . 2015-02-20 02:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-06-24 11:32 . 2015-02-20 01:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-06-24 11:32 . 2015-02-20 00:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-24 11:32 . 2015-02-20 00:28 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-06-24 11:31 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-06-24 11:31 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-06-24 11:31 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-06-24 11:31 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-24 11:31 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-24 11:31 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-24 11:31 . 2014-10-13 00:56 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-24 11:31 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-06-24 11:30 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-06-24 11:30 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-06-24 11:23 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-24 11:23 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-06-24 11:22 . 2015-05-08 23:01 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-06-24 11:08 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-06-24 11:08 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-06-24 11:05 . 2015-01-29 01:33 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-06-24 11:05 . 2015-01-29 01:35 975360 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-06-24 11:04 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-06-24 11:03 . 2015-01-21 02:02 807936 ----a-w- c:\windows\SysWow64\msctf.dll
2015-06-24 11:03 . 2015-01-21 01:42 1040896 ----a-w- c:\windows\system32\msctf.dll
2015-06-24 10:57 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-06-24 10:57 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-06-24 10:53 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-06-24 10:53 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-06-24 10:52 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:52 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-06-24 10:52 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-06-24 10:52 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-06-24 10:52 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-06-24 10:52 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:44 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-06-24 10:44 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-06-24 10:44 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-06-24 10:44 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-06-24 10:44 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-06-24 10:44 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-06-24 10:43 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-24 10:43 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-06-24 10:41 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-24 10:41 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-24 10:41 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-06-24 10:41 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-24 10:38 . 2015-02-18 01:42 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-06-24 10:34 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-06-24 10:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-06-24 10:34 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-06-24 10:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-06-24 10:34 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-06-24 10:34 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-06-24 10:33 . 2015-05-21 14:36 2795520 ----a-w- c:\windows\system32\win32k.sys
2015-06-24 10:16 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-06-24 10:16 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-06-24 10:16 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-06-24 10:16 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-06-24 10:14 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-06-24 10:14 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-06-24 10:14 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-06-24 10:14 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-06-24 10:12 . 2015-04-24 15:41 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-24 10:12 . 2015-04-24 15:54 532480 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-24 10:11 . 2015-01-29 01:35 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-24 10:11 . 2015-01-29 01:33 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-24 10:10 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-24 10:10 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-06-24 10:10 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-24 10:07 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-06-24 10:07 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-06-24 10:06 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-06-24 10:06 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-06-24 10:06 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-06-24 10:05 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-06-24 10:05 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-06-24 10:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:03 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-24 10:03 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-24 10:03 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-24 10:03 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-06-24 10:03 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-06-24 09:51 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-06-24 09:51 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-06-24 09:51 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-06-24 09:51 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-06-24 09:51 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-06-24 09:51 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-06-24 09:47 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-06-23 14:16 . 2015-06-23 13:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-23 13:55 . 2015-06-23 13:54 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-23 13:54 . 2015-06-23 13:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 08:55 . 2014-01-21 01:01 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 14:22 . 2014-01-19 09:55 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-24 13:05 . 2012-08-29 19:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 13:05 . 2012-08-29 19:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 13:54 . 2014-01-19 09:55 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-23 13:54 . 2014-01-19 09:55 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-06-23 13:54 . 2014-01-19 09:55 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-23 13:54 . 2014-01-19 09:55 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-23 13:54 . 2014-01-19 09:55 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-06-23 13:54 . 2014-01-19 09:55 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-27 04:04 . 2006-11-02 12:35 140135120 ----a-w- c:\windows\system32\mrt.exe
2015-04-14 13:37 . 2014-01-21 00:59 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2011-01-28 19:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-23 5515496]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-8-13 1145]
OneNote Table Of Contents.onetoc2 [2011-8-13 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 13:05]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-23 13:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 68.94.157.15
FF - ProfilePath - c:\users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FileAssociationManager - c:\program files (x86)\FileAssociationManager\uninstall-fam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-07-01 11:22:52
ComboFix-quarantined-files.txt 2015-07-01 15:22
.
Pre-Run: 83,674,009,600 bytes free
Post-Run: 83,496,325,120 bytes free
.
- - End Of File - - 1C79B71671895808B4FD882205841B33
4C1C466E0D9E7B73AD314F6E31C2964F
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Re-ran Farbar Recovery Tool and here is the First text. Additional text in next post due to length of logs.

ComboFix 15-06-30.01 - Michael Rhyne 07/01/2015 11:08:33.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2070 [GMT -4:00]
Running from: c:\users\Michael Rhyne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-01 to 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 01:22 . 2015-07-01 01:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\offreg.2808.dll
2015-07-01 01:02 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{745ACB83-C20E-44B8-9165-CFC1C990F385}\mpengine.dll
2015-06-28 10:46 . 2015-06-28 10:46 -------- d-----w- C:\RegBackup
2015-06-27 20:16 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-27 20:16 . 2015-06-27 20:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-27 08:13 . 2015-06-28 07:57 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-27 08:13 . 2015-06-27 23:06 -------- d-----w- c:\programdata\RogueKiller
2015-06-26 07:30 . 2015-06-26 07:49 -------- d-----w- C:\FRST
2015-06-24 11:32 . 2015-02-20 02:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-06-24 11:32 . 2015-02-20 01:44 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-06-24 11:32 . 2015-02-20 00:39 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-24 11:32 . 2015-02-20 00:28 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-06-24 11:31 . 2014-06-02 21:30 503296 ----a-w- c:\windows\system32\msihnd.dll
2015-06-24 11:31 . 2014-06-02 21:29 45056 ----a-w- c:\windows\system32\appinfo.dll
2015-06-24 11:31 . 2014-06-02 20:29 87552 ----a-w- c:\windows\system32\consent.exe
2015-06-24 11:31 . 2014-06-02 10:31 332800 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-24 11:31 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-24 11:31 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-24 11:31 . 2014-10-13 00:56 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-24 11:31 . 2014-06-02 21:29 2280448 ----a-w- c:\windows\system32\authui.dll
2015-06-24 11:30 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-06-24 11:30 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-06-24 11:23 . 2015-03-05 02:25 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-24 11:23 . 2015-03-05 01:58 390144 ----a-w- c:\windows\system32\gdi32.dll
2015-06-24 11:22 . 2015-05-08 23:01 1212416 ----a-w- c:\windows\system32\kernel32.dll
2015-06-24 11:08 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-06-24 11:08 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-06-24 11:05 . 2015-01-29 01:33 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-06-24 11:05 . 2015-01-29 01:35 975360 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-06-24 11:04 . 2014-12-19 00:26 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-06-24 11:03 . 2015-01-21 02:02 807936 ----a-w- c:\windows\SysWow64\msctf.dll
2015-06-24 11:03 . 2015-01-21 01:42 1040896 ----a-w- c:\windows\system32\msctf.dll
2015-06-24 10:57 . 2014-11-04 00:35 2048 ----a-w- c:\windows\system32\tzres.dll
2015-06-24 10:57 . 2014-11-04 00:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-06-24 10:53 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-06-24 10:53 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-06-24 10:52 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:52 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-06-24 10:52 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-06-24 10:52 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-06-24 10:52 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-06-24 10:52 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-06-24 10:44 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-06-24 10:44 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-06-24 10:44 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-06-24 10:44 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-06-24 10:44 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2015-06-24 10:44 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-06-24 10:43 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-24 10:43 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2015-06-24 10:41 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-24 10:41 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-24 10:41 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-06-24 10:41 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-24 10:38 . 2015-02-18 01:42 12899840 ----a-w- c:\windows\system32\shell32.dll
2015-06-24 10:34 . 2014-10-10 01:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-06-24 10:34 . 2014-10-10 01:00 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-06-24 10:34 . 2014-10-09 23:53 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-06-24 10:34 . 2014-10-09 23:22 619520 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-06-24 10:34 . 2014-10-10 01:10 548352 ----a-w- c:\windows\system32\termsrv.dll
2015-06-24 10:34 . 2014-10-10 01:09 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2015-06-24 10:33 . 2015-05-21 14:36 2795520 ----a-w- c:\windows\system32\win32k.sys
2015-06-24 10:16 . 2014-06-26 22:17 171152 ----a-w- c:\windows\system32\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-06-24 10:16 . 2014-06-26 22:17 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 8848 ----a-w- c:\windows\system32\icardres.dll
2015-06-24 10:16 . 2014-06-26 22:17 1389200 ----a-w- c:\windows\system32\icardagt.exe
2015-06-24 10:16 . 2014-06-26 22:17 619664 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-06-24 10:16 . 2014-06-06 04:29 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-06-24 10:16 . 2014-06-06 04:28 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-06-24 10:14 . 2014-10-03 01:17 115712 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-06-24 10:14 . 2014-10-02 23:49 88576 ----a-w- c:\windows\SysWow64\audiodg.exe
2015-06-24 10:14 . 2014-10-03 01:18 274432 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:17 396800 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:03 313344 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-06-24 10:14 . 2014-10-03 01:02 201728 ----a-w- c:\windows\system32\EncDump.dll
2015-06-24 10:14 . 2014-10-03 01:01 474624 ----a-w- c:\windows\system32\AudioEng.dll
2015-06-24 10:14 . 2014-10-03 01:01 446976 ----a-w- c:\windows\system32\audiosrv.dll
2015-06-24 10:12 . 2015-04-24 15:41 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-24 10:12 . 2015-04-24 15:54 532480 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-24 10:11 . 2015-01-29 01:35 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-24 10:11 . 2015-01-29 01:33 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-24 10:10 . 2015-03-05 02:23 57344 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-24 10:10 . 2015-03-05 02:14 360384 ----a-w- c:\windows\system32\clfs.sys
2015-06-24 10:10 . 2015-03-05 01:58 77824 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-24 10:07 . 2014-12-06 03:14 48640 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 03:14 93184 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-06-24 10:07 . 2014-12-06 02:54 61440 ----a-w- c:\windows\system32\nlaapi.dll
2015-06-24 10:07 . 2014-12-06 02:54 205824 ----a-w- c:\windows\system32\nlasvc.dll
2015-06-24 10:06 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-06-24 10:06 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-06-24 10:06 . 2014-12-06 02:54 178688 ----a-w- c:\windows\system32\profsvc.dll
2015-06-24 10:05 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2015-06-24 10:05 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2015-06-24 10:04 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:04 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 10:03 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-24 10:03 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-24 10:03 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-24 10:03 . 2015-03-09 00:40 1869824 ----a-w- c:\windows\system32\msxml3.dll
2015-06-24 10:03 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-06-24 09:51 . 2014-06-14 00:56 901568 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-06-24 09:51 . 2014-06-14 00:51 47104 ----a-w- c:\windows\system32\cdd.dll
2015-06-24 09:51 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-06-24 09:51 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-06-24 09:51 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-06-24 09:51 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-06-24 09:47 . 2014-05-30 07:10 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-06-23 14:16 . 2015-06-23 13:54 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-23 13:55 . 2015-06-23 13:54 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-23 13:54 . 2015-06-23 13:54 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-28 08:55 . 2014-01-21 01:01 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-26 14:22 . 2014-01-19 09:55 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-24 13:05 . 2012-08-29 19:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 13:05 . 2012-08-29 19:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 13:54 . 2014-01-19 09:55 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-23 13:54 . 2014-01-19 09:55 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-06-23 13:54 . 2014-01-19 09:55 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-23 13:54 . 2014-01-19 09:55 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-23 13:54 . 2014-01-19 09:55 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-06-23 13:54 . 2014-01-19 09:55 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-27 04:04 . 2006-11-02 12:35 140135120 ----a-w- c:\windows\system32\mrt.exe
2015-04-14 13:37 . 2014-01-21 00:59 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 13:37 . 2011-01-28 19:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:26 . 2015-04-14 06:26 678600 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-23 5515496]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-8-13 1145]
OneNote Table Of Contents.onetoc2 [2011-8-13 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 13:05]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-04 13:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-23 13:54 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 68.94.157.15
FF - ProfilePath - c:\users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FileAssociationManager - c:\program files (x86)\FileAssociationManager\uninstall-fam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-07-01 11:22:52
ComboFix-quarantined-files.txt 2015-07-01 15:22
.
Pre-Run: 83,674,009,600 bytes free
Post-Run: 83,496,325,120 bytes free
.
- - End Of File - - 1C79B71671895808B4FD882205841B33
4C1C466E0D9E7B73AD314F6E31C2964F
 
Here is the re-run additional text from the Farbar Recovery Scan Tool :

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael Rhyne at 2015-07-03 09:42:27
Running from C:\Users\Michael Rhyne\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3895353837-3889349409-2203901922-500 - Administrator - Disabled)
Guest (S-1-5-21-3895353837-3889349409-2203901922-501 - Limited - Disabled)
Michael Rhyne (S-1-5-21-3895353837-3889349409-2203901922-1000 - Administrator - Enabled) => C:\Users\Michael Rhyne
UpdatusUser (S-1-5-21-3895353837-3889349409-2203901922-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM-x32\...\Acer Assist) (Version: - Acer Incorporated)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1705 - Acer Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.5.3034 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.5.3034 - Ares)
AT&T Service & Support Tool (HKLM-x32\...\ATT-SST) (Version: - )
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )
AV Input Selection (HKLM-x32\...\{F429ED71-4A8B-457A-85E4-F6398CE73E58}) (Version: 1.02.0047 - YUAN)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000189 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.3.000189 - esobi Inc.) Hidden
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
Flip Words 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LimeWire 5.5.8 (HKLM-x32\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
Mah Jong Quest 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11519340}) (Version: - Oberon Media)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjong Match (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111177437}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-06-2015 06:00:17 Windows Update
26-06-2015 12:52:59 Scheduled Checkpoint
27-06-2015 02:19:22 Scheduled Checkpoint
27-06-2015 19:58:40 Scheduled Checkpoint
28-06-2015 08:03:50 Scheduled Checkpoint
29-06-2015 06:47:43 Scheduled Checkpoint
30-06-2015 20:55:30 Windows Update
01-07-2015 11:48:34 Scheduled Checkpoint
02-07-2015 11:43:28 Scheduled Checkpoint
03-07-2015 01:44:21 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-19 05:43 - 2014-01-24 06:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {83753156-0218-4549-AED5-85AFEC06B869} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-23] (Avast Software s.r.o.)
Task: {BA21EA66-0B2A-4DDA-9BA3-E63F2265EDCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {BEF4C98D-ADBA-4499-8C05-298E1384A934} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {E359AD72-59A8-4A58-84DD-3803EAD84F2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {F6CFED48-5FFF-437A-B9B0-DC635EBCFB41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-05-26 18:32 - 2008-04-25 16:30 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-05-26 18:32 - 2008-05-26 18:32 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3008.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3008.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3008.0__3036420f80dd6947\Framework.Library.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3008.0__672b450de5a7e94a\Framework.Host.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3008.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3008.0__4df5dcab8860d239\Framework.Utility.dll
2015-06-23 09:54 - 2015-06-23 09:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-23 09:54 - 2015-06-23 09:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-27 17:18 - 2015-06-27 17:18 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062701\algo.dll
2015-06-30 13:04 - 2015-06-30 13:04 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15063001\algo.dll
2015-07-01 07:24 - 2015-07-01 07:24 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15070100\algo.dll
2015-07-03 09:31 - 2015-07-03 09:31 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070300\algo.dll
2014-01-19 05:55 - 2015-06-23 09:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2015-06-24 08:12 - 2015-06-24 08:12 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 68.94.157.15

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmdAgent => C:\Windows\Temp\temp34.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9116E953-19EB-4B01-B1EF-7188E7B184A2}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe
FirewallRules: [{B4863068-5DE5-4E8E-A4B4-82110488F575}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe
FirewallRules: [{64A898C9-7530-452F-BC51-5DB3A1DFBD3A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe
FirewallRules: [{3461B6D2-9293-4C34-AE15-AABA22362199}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe
FirewallRules: [{456A9D77-2639-4E0E-B538-06FF57ECFF2A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe
FirewallRules: [{2A245EA7-E37A-4BD4-9CCB-54AD76C080B7}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe
FirewallRules: [{D7568E6B-C5AB-4636-92E3-376914315186}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe
FirewallRules: [{81EF9162-9073-4A36-A640-DC0C4F5EC07F}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE
FirewallRules: [{DAAB840A-8A75-4C87-B881-2EDF2854C8B6}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe
FirewallRules: [{8619E883-D7DF-45A8-9251-7BBD88E643DD}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{F2B6E7DB-68E2-4285-A7E3-3CB8F267B519}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{37030009-1063-41A2-A0EA-233F41219C9A}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{3A33ECF2-15E0-47BE-884A-88E708597117}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{9A55E7D7-DF99-4AF8-9110-EF64D7530F69}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{F4027B66-D2D4-4771-A76C-A03A9D20B54E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [TCP Query User{5D93677A-407D-47E8-9CDA-A27E037C7E21}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{7F25601E-CA9D-4758-A92F-CF2B363120CE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{2A7ED3EE-7E30-4CA6-84AD-1A2DFB1F78B5}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{036A9ABB-0217-44D4-8BD1-312375290EAA}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{2B7693A1-7CD3-4DCC-9605-CCC8EA9B4096}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{96B7EF68-3801-406C-B648-9174FD1D9CA5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CE7DBC46-2212-4B87-B017-14B862249740}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{D0CD1E38-DF2E-4F08-BBA4-74BB73BE8F30}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{11D3E8E0-3FCD-4D90-868B-A609166D4E9E}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A7AE91F8-240E-48D3-8F4C-EA20C65ACCAF}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{4645BAD2-FEC7-43F7-8CB1-2BBE1B4FC646}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A2B7B23A-EE98-4AA1-986A-7FCE969A294A}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{E3125AC6-2736-459A-9EFB-E29245162536}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{D8EC047E-200E-40EE-BD84-F66D6DEA9004}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{0504DE72-2961-468B-AF7F-42B7B13C59F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16E9FB3F-5338-400D-A4DE-7C4FBBFCAD82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2F7D65B1-6678-4C54-9082-3B5893B6F742}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{5F942031-9D0F-4FD0-A6A3-90A00098F1A4}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [TCP Query User{4EDEFF5F-C892-4041-8835-5A9B169E588D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{55FA6819-C348-40B3-971F-985511047F28}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F4AF05D7-1149-45D4-B70E-B9FEB115FACE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5C75C7B-154B-4B90-917D-CF3B422E052C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{350156ED-44F7-4780-99F2-6F9239AC2F93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{935A4F37-DD84-4CF7-A876-DE94F5855B43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88AB57B6-32C5-4444-9AE4-948C3517360E}] => (Allow) LPort=80
FirewallRules: [{107E9EE2-7D20-4338-8E14-B5D39C4F643D}] => (Allow) LPort=80
FirewallRules: [{C0C80D1A-7F0A-4E08-897F-44FD9016A49F}] => (Allow) LPort=80
FirewallRules: [{B5E55BFA-752E-44F4-82D2-3E0078A9A787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{52CDB7B6-6621-4BDB-9FA0-EB5BE4CE8399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{6FE8E904-6A00-4337-AF14-F23E72F2F455}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{2812A691-561A-4B39-9345-94E94B1DCD6E}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{9412895B-A3F7-4292-8D3E-7C5FAB11688B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{20EAB365-07AB-4E25-B548-9A7A92123096}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8F5B9A8-DFF0-40C5-B211-2527069E4317}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 11:03:41 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/30/2015 05:19:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/28/2015 07:04:37 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6536

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6536

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5132

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 05:49:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4118


System errors:
=============
Error: (07/03/2015 09:30:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.5 for the Network Card with network address 001D72BB46F5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/02/2015 01:27:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (07/01/2015 11:19:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/01/2015 11:12:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/29/2015 11:52:38 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GRAHAMSCOMPY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{547DF1B0-2C60-4DE6-8DFF-F152176FF743}.
The master browser is stopping or an election is being forced.

Error: (06/28/2015 01:39:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GRAHAMSCOMPY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{547DF1B0-2C60-4DE6-8DFF-F152176FF743}.
The master browser is stopping or an election is being forced.

Error: (06/28/2015 06:48:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ForceWare IP service1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ForceWare Intelligent Application Manager (IAM)1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI Backup Now 5 Scheduler Service1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI Backup Now 5 Backup Service1


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-07-03 09:42:20.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:42:19.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:42:18.993
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:42:18.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:41:47.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:41:47.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:41:46.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:41:45.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-02 09:31:53.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-02 09:31:53.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4050e
Percentage of memory in use: 58%
Total physical RAM: 3837.62 MB
Available physical RAM: 1598.19 MB
Total Pagefile: 7893.75 MB
Available Pagefile: 5601.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:77.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.18 GB) (Free:88.44 GB) NTFS
Drive e: (MRI5.7.0) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9BAC3398)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=139.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.2 GB) - (Type=07 NTFS)

==================== End of log ========================
 
Frst,txt log :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Michael Rhyne (administrator) on MICHAELRHYNE-PC on 04-07-2015 05:22:51
Running from C:\Users\Michael Rhyne\Desktop
Loaded Profiles: Michael Rhyne (Available Profiles: Michael Rhyne & UpdatusUser)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [3453440 2010-07-27] (Alcatel-Lucent)
HKLM-x32\...\Run: [PCMMediaSharing] => C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM-x32\...\Run: [BkupTray] => C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-04] (Google Inc.)
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Startup: C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-08-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 [2011-08-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-23] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20140103,20028,0,85,0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-23] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-23] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-23] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3895353837-3889349409-2203901922-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-23] (Google Inc.)
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 68.94.157.15

FireFox:
========
FF ProfilePath: C:\Users\Michael Rhyne\AppData\Roaming\Mozilla\Firefox\Profiles\zsv8fchc.default
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140103,20030,0,85,0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-23] (Avast Software s.r.o.)
S2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] () [File not signed]
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] () [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
S2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] () [File not signed]
S2 NTIBackupSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
S2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S4 cqmghost; %systemroot%\system32\cicsclient.dll [X]
S4 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-06-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-06-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-23] ()
S1 Beep; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-28] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [116584 2007-12-16] (Wasay) [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 11:53 - 2015-07-04 01:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 11:22 - 2015-07-01 11:22 - 00022598 _____ C:\ComboFix.txt
2015-07-01 11:06 - 2015-07-01 11:22 - 00000000 ____D C:\Qoobox
2015-07-01 11:06 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 11:06 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 11:06 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 11:06 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 11:06 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 11:06 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 11:06 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 11:06 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-30 04:59 - 2015-07-01 11:05 - 05631262 ____R (Swearware) C:\Users\Michael Rhyne\Desktop\ComboFix.exe
2015-06-28 06:52 - 2015-06-28 06:52 - 00000651 _____ C:\Users\Michael Rhyne\Desktop\JRT.txt
2015-06-28 06:47 - 2015-06-28 06:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MICHAELRHYNE-PC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-06-28 06:46 - 2015-06-28 06:46 - 00000000 ____D C:\RegBackup
2015-06-28 05:12 - 2015-06-28 05:12 - 02950961 _____ (Malwarebytes Corporation) C:\Users\Michael Rhyne\Desktop\JRT.exe
2015-06-28 04:24 - 2015-06-28 04:24 - 02244096 _____ C:\Users\Michael Rhyne\Desktop\adwcleaner_4.207.exe
2015-06-27 16:16 - 2015-06-27 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 16:16 - 2015-06-27 16:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-27 16:16 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-27 04:13 - 2015-06-28 03:57 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-27 04:13 - 2015-06-27 19:06 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-26 03:47 - 2015-07-03 09:42 - 00033712 _____ C:\Users\Michael Rhyne\Desktop\Addition.txt
2015-06-26 03:46 - 2015-07-04 05:22 - 00015482 _____ C:\Users\Michael Rhyne\Desktop\FRST.txt
2015-06-26 03:30 - 2015-07-04 05:22 - 00000000 ____D C:\FRST
2015-06-26 03:25 - 2015-06-26 03:25 - 02112512 _____ (Farbar) C:\Users\Michael Rhyne\Desktop\FRST64.exe
2015-06-24 08:12 - 2015-07-04 05:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 08:12 - 2015-06-24 09:05 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 07:33 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-24 07:33 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-24 07:33 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-24 07:33 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-24 07:33 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-24 07:33 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-24 07:33 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-24 07:33 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-24 07:33 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-24 07:33 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-24 07:33 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-24 07:33 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-24 07:32 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-24 07:32 - 2015-02-19 21:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-24 07:32 - 2015-02-19 20:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-24 07:32 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-24 07:31 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-06-24 07:31 - 2014-10-12 20:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-24 07:31 - 2014-06-02 17:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-24 07:31 - 2014-06-02 17:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-24 07:31 - 2014-06-02 17:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-24 07:31 - 2014-06-02 16:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-24 07:31 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-06-24 07:31 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-24 07:30 - 2014-12-07 21:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-24 07:30 - 2014-12-07 21:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-24 07:23 - 2015-03-04 22:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-24 07:23 - 2015-03-04 21:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-24 07:22 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-24 07:22 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-24 07:20 - 2015-03-13 22:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-24 07:20 - 2015-03-13 22:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-24 07:20 - 2015-03-12 21:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-24 07:20 - 2015-03-12 21:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-24 07:20 - 2015-03-12 21:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-24 07:20 - 2015-03-12 21:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-24 07:20 - 2015-03-12 20:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-24 07:20 - 2015-03-12 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-24 07:20 - 2015-03-12 20:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-24 07:20 - 2015-01-08 21:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-24 07:20 - 2015-01-08 20:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-24 07:08 - 2014-11-25 22:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-24 07:08 - 2014-11-25 21:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-24 07:05 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-24 07:05 - 2015-01-28 21:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-24 07:04 - 2014-12-18 20:26 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-24 07:03 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-24 07:03 - 2015-01-20 21:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-24 06:57 - 2014-11-03 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-24 06:57 - 2014-11-03 20:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-06-24 06:53 - 2014-08-11 22:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-06-24 06:53 - 2014-08-11 22:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-24 06:44 - 2014-06-15 18:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-24 06:44 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-06-24 06:44 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-06-24 06:44 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-06-24 06:44 - 2014-06-13 13:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-24 06:44 - 2014-06-13 13:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-24 06:43 - 2014-10-23 21:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-24 06:43 - 2014-10-23 20:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-24 06:42 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-24 06:42 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-24 06:42 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-24 06:42 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-24 06:42 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-24 06:42 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-24 06:42 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-24 06:42 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-24 06:42 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-24 06:42 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-24 06:41 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-24 06:41 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-24 06:41 - 2015-01-15 02:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-24 06:41 - 2015-01-15 00:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-24 06:38 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-24 06:38 - 2015-02-17 21:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-24 06:34 - 2014-10-09 21:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-24 06:34 - 2014-10-09 21:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-24 06:34 - 2014-10-09 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-24 06:34 - 2014-10-09 21:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-24 06:34 - 2014-10-09 19:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-24 06:34 - 2014-10-09 19:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-24 06:33 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-24 06:16 - 2014-06-26 18:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-24 06:16 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-24 06:16 - 2014-06-26 18:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-24 06:16 - 2014-06-26 18:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-24 06:16 - 2014-06-06 00:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-24 06:16 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-24 06:14 - 2014-10-02 21:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-24 06:14 - 2014-10-02 21:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-24 06:14 - 2014-10-02 21:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-24 06:14 - 2014-10-02 21:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-24 06:14 - 2014-10-02 21:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-24 06:14 - 2014-10-02 21:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-24 06:14 - 2014-10-02 21:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-24 06:14 - 2014-10-02 19:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2015-06-24 06:12 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-24 06:12 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-24 06:11 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-24 06:11 - 2015-01-28 21:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-24 06:10 - 2015-03-04 22:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-24 06:10 - 2015-03-04 22:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-24 06:10 - 2015-03-04 21:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-24 06:07 - 2014-12-05 23:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-06-24 06:07 - 2014-12-05 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-06-24 06:07 - 2014-12-05 22:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-24 06:07 - 2014-12-05 22:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-24 06:06 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-24 06:06 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-06-24 06:06 - 2014-12-05 22:54 - 00178688 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-24 06:05 - 2014-10-23 21:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-06-24 06:05 - 2014-10-23 20:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-24 06:04 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 06:04 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 06:03 - 2015-03-08 21:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-24 06:03 - 2015-03-08 20:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-24 06:03 - 2014-09-04 19:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-06-24 06:03 - 2014-08-26 20:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-24 06:03 - 2014-08-26 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-24 05:51 - 2014-06-13 20:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-24 05:51 - 2014-06-13 20:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-24 05:50 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-24 05:50 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-24 05:50 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-24 05:50 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-24 05:50 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-24 05:50 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-24 05:50 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-24 05:50 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-24 05:50 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-24 05:50 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-24 05:50 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-24 05:50 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-24 05:50 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-24 05:50 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-24 05:50 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-24 05:50 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-24 05:50 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-24 05:50 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-24 05:50 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-24 05:50 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-24 05:50 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-24 05:50 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-24 05:50 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-24 05:50 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-24 05:50 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-06-24 05:50 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-24 05:50 - 2014-04-26 14:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-24 05:50 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-06-24 05:50 - 2014-04-05 05:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-24 05:50 - 2014-03-10 02:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-24 05:50 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-06-24 05:47 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-23 10:16 - 2015-06-23 09:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-23 10:06 - 2015-06-23 10:07 - 05499984 _____ (Avast Software s.r.o.) C:\Users\Michael Rhyne\Desktop\avast_free_antivirus_setup_online.exe
2015-06-23 09:55 - 2015-06-23 10:17 - 00001689 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-23 09:55 - 2015-06-23 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-23 09:55 - 2015-06-23 09:54 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-23 09:54 - 2015-06-23 09:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-22 05:51 - 2015-06-22 07:55 - 00009264 _____ C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 00000238 _____ C:\ProgramData\RUNDLL32.EXE-2276-F.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 04:59 - 2010-09-04 00:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 04:32 - 2010-05-20 13:13 - 01404424 _____ C:\Windows\WindowsUpdate.log
2015-07-04 01:16 - 2014-01-18 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 23:53 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 23:53 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 09:59 - 2010-09-04 00:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 11:19 - 2006-11-02 08:34 - 00000215 _____ C:\Windows\system.ini
2015-06-29 11:24 - 2014-01-19 05:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-28 06:49 - 2010-05-20 10:40 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2015-06-28 05:02 - 2006-11-02 08:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 04:55 - 2014-01-20 21:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 04:54 - 2012-09-04 22:28 - 00120476 _____ C:\Windows\PFRO.log
2015-06-28 04:54 - 2008-05-26 19:05 - 00000147 _____ C:\Windows\SysWOW64\agent.log
2015-06-28 04:54 - 2008-05-26 18:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-28 04:54 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 04:53 - 2014-01-24 23:36 - 00000000 ____D C:\AdwCleaner
2015-06-28 04:53 - 2006-11-02 11:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-27 19:18 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\MSAgent
2015-06-27 16:16 - 2014-01-20 19:57 - 00000945 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 16:16 - 2011-01-28 15:49 - 00000000 ____D C:\Users\Michael Rhyne\AppData\Roaming\Malwarebytes
2015-06-27 16:16 - 2011-01-28 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-26 10:22 - 2014-01-19 05:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-24 09:05 - 2012-08-29 15:38 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 09:05 - 2012-08-29 15:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 08:13 - 2010-05-21 23:59 - 00000000 ____D C:\Users\Michael Rhyne\AppData\Local\Adobe
2015-06-24 08:13 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-06-24 07:54 - 2006-11-02 11:21 - 00305976 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-24 07:50 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-06-24 07:50 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-24 07:30 - 2008-05-26 18:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 07:07 - 2014-04-22 00:18 - 00752894 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-24 06:32 - 2013-08-06 10:49 - 00000000 ____D C:\Windows\system32\MRT
2015-06-24 06:30 - 2010-09-04 00:43 - 00000000 ____D C:\Users\Michael Rhyne\AppData\Local\Google
2015-06-23 12:11 - 2014-06-01 23:19 - 00000000 ____D C:\ProgramData\DF2ABD904FC65DDDFC73261C24800F3B
2015-06-23 09:54 - 2014-01-19 05:55 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-06-23 09:54 - 2014-01-19 05:55 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-06-23 09:54 - 2010-09-04 00:44 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-23 09:54 - 2010-09-04 00:44 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-22 20:59 - 2010-05-22 08:56 - 00020264 _____ C:\Windows\system32\spsys.log
2015-06-22 05:50 - 2012-09-10 15:36 - 00002508 _____ C:\Windows\setupact.log

==================== Files in the root of some directories =======

2014-02-13 19:14 - 2014-02-13 19:14 - 0000072 _____ () C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan
2011-08-13 00:20 - 2011-08-13 00:20 - 0020406 _____ () C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png
2011-07-15 15:32 - 2012-05-01 14:16 - 0000680 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat
2014-01-18 22:05 - 2014-01-18 22:05 - 0000732 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat
2010-05-22 14:27 - 2011-01-24 15:22 - 0005632 _____ () C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-11 13:51 - 2012-09-11 13:51 - 0459726 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0442446 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt
2012-09-11 13:51 - 2012-09-11 13:51 - 0018790 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0012514 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 0000238 _____ () C:\ProgramData\RUNDLL32.EXE-2276-F.txt
2014-06-01 23:33 - 2014-06-01 23:33 - 0000059 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-06-02 14:51 - 2014-06-02 15:04 - 0005843 _____ () C:\ProgramData\RUNDLL32.EXE-2512-F.txt
2015-06-22 05:51 - 2015-06-22 07:55 - 0009264 _____ () C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2014-06-01 23:34 - 2014-06-01 23:42 - 0002181 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-20 23:21 - 2014-07-20 23:23 - 0000736 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-06-01 23:28 - 2014-06-01 23:31 - 0000930 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-29 05:05

==================== End of log ============================
 
Additional text log :

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael Rhyne at 2015-07-04 05:23:43
Running from C:\Users\Michael Rhyne\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3895353837-3889349409-2203901922-500 - Administrator - Disabled)
Guest (S-1-5-21-3895353837-3889349409-2203901922-501 - Limited - Disabled)
Michael Rhyne (S-1-5-21-3895353837-3889349409-2203901922-1000 - Administrator - Enabled) => C:\Users\Michael Rhyne
UpdatusUser (S-1-5-21-3895353837-3889349409-2203901922-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version: - )
Acer Arcade Live Main Page (HKLM-x32\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM-x32\...\Acer Assist) (Version: - Acer Incorporated)
Acer DV Magician (HKLM-x32\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM-x32\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1705 - Acer Inc.)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3013 - Acer Incorporated)
Acer GameZone Console DTV 2.0.1.1 (HKLM-x32\...\Acer GameZone Console_is1) (Version: - Oberon Media, Inc.)
Acer HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM-x32\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM-x32\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: - Acer - Leader Technologies)
Acer ScreenSaver (HKLM-x32\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM-x32\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM-x32\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agatha Christie Death on the Nile (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}) (Version: - Oberon Media)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.5.3034 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.5.3034 - Ares)
AT&T Service & Support Tool (HKLM-x32\...\ATT-SST) (Version: - )
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )
AV Input Selection (HKLM-x32\...\{F429ED71-4A8B-457A-85E4-F6398CE73E58}) (Version: 1.02.0047 - YUAN)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azada (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}) (Version: - Oberon Media)
Backspin Billiards (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}) (Version: - Oberon Media)
Big Kahuna Reef (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}) (Version: - Oberon Media)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}) (Version: - Oberon Media)
Bricks of Egypt (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}) (Version: - Oberon Media)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version: - Oberon Media)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version: - Oberon Media)
Diner Dash Flo on the Go (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}) (Version: - Oberon Media)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.3.000189 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.3.000189 - esobi Inc.) Hidden
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.5 - Amnis Technology Ltd)
Flip Words 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}) (Version: - Oberon Media)
Kick N Rush (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}) (Version: - Oberon Media)
LightScribe 1.4.142.1 (x32 Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
LimeWire 5.5.8 (HKLM-x32\...\LimeWire) (Version: 5.5.8 - Lime Wire, LLC)
Mah Jong Quest 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11519340}) (Version: - Oberon Media)
Mahjong Escape Ancient China (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}) (Version: - Oberon Media)
Mahjong Match (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111177437}) (Version: - Oberon Media)
Mahjongg Artifacts (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}) (Version: - Oberon Media)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6329 - NewTech Infosystems) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - )
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Zuma Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version: - Oberon Media)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

26-06-2015 12:52:59 Scheduled Checkpoint
27-06-2015 02:19:22 Scheduled Checkpoint
27-06-2015 19:58:40 Scheduled Checkpoint
28-06-2015 08:03:50 Scheduled Checkpoint
29-06-2015 06:47:43 Scheduled Checkpoint
30-06-2015 20:55:30 Windows Update
01-07-2015 11:48:34 Scheduled Checkpoint
02-07-2015 11:43:28 Scheduled Checkpoint
03-07-2015 01:44:21 Scheduled Checkpoint
04-07-2015 01:15:44 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-01-19 05:43 - 2014-01-24 06:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {83753156-0218-4549-AED5-85AFEC06B869} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-23] (Avast Software s.r.o.)
Task: {BA21EA66-0B2A-4DDA-9BA3-E63F2265EDCD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {BEF4C98D-ADBA-4499-8C05-298E1384A934} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {E359AD72-59A8-4A58-84DD-3803EAD84F2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {F6CFED48-5FFF-437A-B9B0-DC635EBCFB41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-05-26 18:32 - 2008-04-25 16:30 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2008-05-26 18:32 - 2008-05-26 18:32 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3008.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3008.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3008.0__3036420f80dd6947\Framework.Library.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3008.0__672b450de5a7e94a\Framework.Host.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3008.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-05-26 18:32 - 2008-05-26 18:32 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3008.0__4df5dcab8860d239\Framework.Utility.dll
2015-06-23 09:54 - 2015-06-23 09:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-23 09:54 - 2015-06-23 09:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-27 17:18 - 2015-06-27 17:18 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062701\algo.dll
2015-07-03 21:53 - 2015-07-03 21:53 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070301\algo.dll
2014-01-19 05:55 - 2015-06-23 09:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-05-26 18:42 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2015-06-24 08:12 - 2015-06-24 08:12 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael Rhyne\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1 - 68.94.157.15

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acer Empowering Technology Monitor => C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmdAgent => C:\Windows\Temp\temp34.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EmpoweringTechnology => C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9116E953-19EB-4B01-B1EF-7188E7B184A2}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe
FirewallRules: [{B4863068-5DE5-4E8E-A4B4-82110488F575}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe
FirewallRules: [{64A898C9-7530-452F-BC51-5DB3A1DFBD3A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe
FirewallRules: [{3461B6D2-9293-4C34-AE15-AABA22362199}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe
FirewallRules: [{456A9D77-2639-4E0E-B538-06FF57ECFF2A}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe
FirewallRules: [{2A245EA7-E37A-4BD4-9CCB-54AD76C080B7}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe
FirewallRules: [{D7568E6B-C5AB-4636-92E3-376914315186}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe
FirewallRules: [{81EF9162-9073-4A36-A640-DC0C4F5EC07F}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE
FirewallRules: [{DAAB840A-8A75-4C87-B881-2EDF2854C8B6}] => (Allow) C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe
FirewallRules: [{8619E883-D7DF-45A8-9251-7BBD88E643DD}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{F2B6E7DB-68E2-4285-A7E3-3CB8F267B519}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{37030009-1063-41A2-A0EA-233F41219C9A}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{3A33ECF2-15E0-47BE-884A-88E708597117}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{9A55E7D7-DF99-4AF8-9110-EF64D7530F69}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{F4027B66-D2D4-4771-A76C-A03A9D20B54E}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [TCP Query User{5D93677A-407D-47E8-9CDA-A27E037C7E21}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{7F25601E-CA9D-4758-A92F-CF2B363120CE}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{2A7ED3EE-7E30-4CA6-84AD-1A2DFB1F78B5}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{036A9ABB-0217-44D4-8BD1-312375290EAA}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [TCP Query User{2B7693A1-7CD3-4DCC-9605-CCC8EA9B4096}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{96B7EF68-3801-406C-B648-9174FD1D9CA5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CE7DBC46-2212-4B87-B017-14B862249740}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{D0CD1E38-DF2E-4F08-BBA4-74BB73BE8F30}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{11D3E8E0-3FCD-4D90-868B-A609166D4E9E}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A7AE91F8-240E-48D3-8F4C-EA20C65ACCAF}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{4645BAD2-FEC7-43F7-8CB1-2BBE1B4FC646}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A2B7B23A-EE98-4AA1-986A-7FCE969A294A}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{E3125AC6-2736-459A-9EFB-E29245162536}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{D8EC047E-200E-40EE-BD84-F66D6DEA9004}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{0504DE72-2961-468B-AF7F-42B7B13C59F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16E9FB3F-5338-400D-A4DE-7C4FBBFCAD82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2F7D65B1-6678-4C54-9082-3B5893B6F742}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{5F942031-9D0F-4FD0-A6A3-90A00098F1A4}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [TCP Query User{4EDEFF5F-C892-4041-8835-5A9B169E588D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{55FA6819-C348-40B3-971F-985511047F28}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{F4AF05D7-1149-45D4-B70E-B9FEB115FACE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5C75C7B-154B-4B90-917D-CF3B422E052C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{350156ED-44F7-4780-99F2-6F9239AC2F93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{935A4F37-DD84-4CF7-A876-DE94F5855B43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{88AB57B6-32C5-4444-9AE4-948C3517360E}] => (Allow) LPort=80
FirewallRules: [{107E9EE2-7D20-4338-8E14-B5D39C4F643D}] => (Allow) LPort=80
FirewallRules: [{C0C80D1A-7F0A-4E08-897F-44FD9016A49F}] => (Allow) LPort=80
FirewallRules: [{B5E55BFA-752E-44F4-82D2-3E0078A9A787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{52CDB7B6-6621-4BDB-9FA0-EB5BE4CE8399}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{6FE8E904-6A00-4337-AF14-F23E72F2F455}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{2812A691-561A-4B39-9345-94E94B1DCD6E}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [{9412895B-A3F7-4292-8D3E-7C5FAB11688B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{20EAB365-07AB-4E25-B548-9A7A92123096}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8F5B9A8-DFF0-40C5-B211-2527069E4317}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 11:03:41 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/30/2015 05:19:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/28/2015 07:04:37 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: File backup failed. The error is: System Restore changed your backup settings. Review your backup settings. (0x810000ED).

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6536

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6536

Error: (06/28/2015 05:49:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5132

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5132

Error: (06/28/2015 05:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2015 05:49:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4118


System errors:
=============
Error: (07/03/2015 09:30:29 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.0.5 for the Network Card with network address 001D72BB46F5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/02/2015 01:27:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (07/01/2015 11:19:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/01/2015 11:12:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (06/29/2015 11:52:38 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GRAHAMSCOMPY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{547DF1B0-2C60-4DE6-8DFF-F152176FF743}.
The master browser is stopping or an election is being forced.

Error: (06/28/2015 01:39:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer GRAHAMSCOMPY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{547DF1B0-2C60-4DE6-8DFF-F152176FF743}.
The master browser is stopping or an election is being forced.

Error: (06/28/2015 06:48:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ForceWare IP service1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ForceWare Intelligent Application Manager (IAM)1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI Backup Now 5 Scheduler Service1

Error: (06/28/2015 06:48:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NTI Backup Now 5 Backup Service1


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-07-04 05:23:35.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:23:35.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:23:34.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:23:34.175
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:23:00.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:22:59.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:22:59.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-04 05:22:58.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:42:20.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-03 09:42:19.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4050e
Percentage of memory in use: 57%
Total physical RAM: 3837.62 MB
Available physical RAM: 1640.31 MB
Total Pagefile: 7893.75 MB
Available Pagefile: 5689.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:78.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.18 GB) (Free:88.36 GB) NTFS
Drive e: (MRI5.7.0) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9BAC3398)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=139.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.2 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.3 KB · Views: 3
Here is the fix log text :

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael Rhyne at 2015-07-05 08:44:48 Run:1
Running from C:\Users\Michael Rhyne\Desktop
Loaded Profiles: Michael Rhyne (Available Profiles: Michael Rhyne & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S4 cqmghost; %systemroot%\system32\cicsclient.dll [X]
S4 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [X]
S1 Beep; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-02-13 19:14 - 2014-02-13 19:14 - 0000072 _____ () C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan
2011-08-13 00:20 - 2011-08-13 00:20 - 0020406 _____ () C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png
2011-07-15 15:32 - 2012-05-01 14:16 - 0000680 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat
2014-01-18 22:05 - 2014-01-18 22:05 - 0000732 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat
2010-05-22 14:27 - 2011-01-24 15:22 - 0005632 _____ () C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-11 13:51 - 2012-09-11 13:51 - 0459726 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0442446 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt
2012-09-11 13:51 - 2012-09-11 13:51 - 0018790 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0012514 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 0000238 _____ () C:\ProgramData\RUNDLL32.EXE-2276-F.txt
2014-06-01 23:33 - 2014-06-01 23:33 - 0000059 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-06-02 14:51 - 2014-06-02 15:04 - 0005843 _____ () C:\ProgramData\RUNDLL32.EXE-2512-F.txt
2015-06-22 05:51 - 2015-06-22 07:55 - 0009264 _____ () C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2014-06-01 23:34 - 2014-06-01 23:42 - 0002181 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-20 23:21 - 2014-07-20 23:23 - 0000736 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-06-01 23:28 - 2014-06-01 23:31 - 0000930 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
cqmghost => Service removed successfully
FastUserSwitchingCompatibility => Service removed successfully
Beep => Service removed successfully
IpInIp => Service removed successfully
MREMPR5 => Service removed successfully
MRENDIS5 => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan => moved successfully.
C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2276-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2284-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2512-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2652-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2724-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-3632-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-4088-F.txt => moved successfully.

==== End of Fixlog 08:44:50 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Here is the log from Security Check :

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael Rhyne at 2015-07-05 08:44:48 Run:1
Running from C:\Users\Michael Rhyne\Desktop
Loaded Profiles: Michael Rhyne (Available Profiles: Michael Rhyne & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S4 cqmghost; %systemroot%\system32\cicsclient.dll [X]
S4 FastUserSwitchingCompatibility; C:\Windows\system32\FastUserSwitchingCompatibilityex.dll [X]
S1 Beep; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-02-13 19:14 - 2014-02-13 19:14 - 0000072 _____ () C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan
2011-08-13 00:20 - 2011-08-13 00:20 - 0020406 _____ () C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png
2011-07-15 15:32 - 2012-05-01 14:16 - 0000680 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat
2014-01-18 22:05 - 2014-01-18 22:05 - 0000732 _____ () C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat
2010-05-22 14:27 - 2011-01-24 15:22 - 0005632 _____ () C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-11 13:51 - 2012-09-11 13:51 - 0459726 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0442446 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt
2012-09-11 13:51 - 2012-09-11 13:51 - 0018790 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt
2010-05-21 15:04 - 2010-05-21 15:04 - 0012514 _____ () C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt
2015-06-22 05:45 - 2015-06-22 05:49 - 0000238 _____ () C:\ProgramData\RUNDLL32.EXE-2276-F.txt
2014-06-01 23:33 - 2014-06-01 23:33 - 0000059 _____ () C:\ProgramData\RUNDLL32.EXE-2284-F.txt
2014-06-02 14:51 - 2014-06-02 15:04 - 0005843 _____ () C:\ProgramData\RUNDLL32.EXE-2512-F.txt
2015-06-22 05:51 - 2015-06-22 07:55 - 0009264 _____ () C:\ProgramData\RUNDLL32.EXE-2652-F.txt
2014-06-01 23:34 - 2014-06-01 23:42 - 0002181 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-07-20 23:21 - 2014-07-20 23:23 - 0000736 _____ () C:\ProgramData\RUNDLL32.EXE-3632-F.txt
2014-06-01 23:28 - 2014-06-01 23:31 - 0000930 _____ () C:\ProgramData\RUNDLL32.EXE-4088-F.txt

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3895353837-3889349409-2203901922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
cqmghost => Service removed successfully
FastUserSwitchingCompatibility => Service removed successfully
Beep => Service removed successfully
IpInIp => Service removed successfully
MREMPR5 => Service removed successfully
MRENDIS5 => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
C:\Users\Michael Rhyne\AppData\Roaming\mbam.context.scan => moved successfully.
C:\Users\Michael Rhyne\AppData\Roaming\UserTile.png => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\d3d9caps.dat => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\d3d9caps64.dat => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI1A05.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistMSI39B0.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI1A05.txt => moved successfully.
C:\Users\Michael Rhyne\AppData\Local\dd_vcredistUI39B0.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2276-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2284-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2512-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2652-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-2724-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-3632-F.txt => moved successfully.
C:\ProgramData\RUNDLL32.EXE-4088-F.txt => moved successfully.

==== End of Fixlog 08:44:50 ====
 
Farbar Security Scanner Log :

Farbar Service Scanner Version: 17-01-2015
Ran by Michael Rhyne (administrator) on 06-07-2015 at 05:13:14
Running from "C:\Users\Michael Rhyne\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
You must log in or register to reply here.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back