Solved Random .exe installer popups/system restore issues

[KKimble]

While browsing webpages, a random .exe installer window pops up asking me if I want to open or save the file (different every time). It's been happening for some time, but when it first started I assumed it was a virus so I checked answers online and most people were saying it was the webpage itself. It happened again today

"You have chosen to open:
TK2eUcXjmdidW
which is: application/octet-stream
from: giphy.com

What should Firefox do with this file?
Open with [Browse...]
* Save File"

I found a thread today, followed the steps and ran the AdwCleaner cleaner. How do I know if that fixed the problem, since it only happens at random - and not very often?

Another issue that just happened to me last night has to do with the system restore. I'm not sure if it is caused by malware? After an automatic update, Firefox went a little goofy so I tried to do a system restore choosing the third or fourth oldest restore (from 7 or 8 days ago) After the restore, when the login screen should have appeared - my computer gave me an error code

"The application failed to initialize properly (0xc0000135) Click OK to terminate the application."

After clicking ok, the screen was black with a cursor. I rebooted, Windows Automatic Repair started by itself, and it fixed the problem. I guess while repairing the files, it undid my system restore. Today for some reason I just had to try it again...Today I chose a system restore that was right above the one I initially tried last night (at least I was *pretty* sure it was the one above it) And of course, the same thing happened but this time nothing seemed to work. Everything posted in forums didn't work, anything I used off the list after pressing F8 didn't work - just kept taking me to the "black screen of death." Windows Automatic Repair couldn't find any issues, it did have a message asking if I plugged anything in, and to unplug it if so. I tried a few more times, still nothing. I then tried the system restore through the repair, but it didn't pop up. Waiting about a minute I clicked the button again, and was informed it was already running. Had to reboot, and try again but this time I waited maybe 5 minutes and the screen appeared. I chose the restore date, (still not the newest one, but a few days old) and viola! My computer started up, no problems at all. Could this be malware related, or could the issue be caused because I initially didn't select a restore point that was logged after my computer had one or two windows updates?

I apologize for the long post, but I just wanted to make sure I included all the details

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[KKimble]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by Dale (administrator) on DALE-PC on 24-06-2015 02:04:14
Running from C:\Users\Dale\Desktop
Loaded Profiles: Dale (Available Profiles: Dale)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...VZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjc5Njk2MzYyLUZMKzktRERUKzE5NDA4LUZMMTArMS1MU0QrMi1GMTBNMTJEV (the data entry has 189 more characters).
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\MountPoints2: {03cab059-eb8a-11dd-8b23-806e6f6e6963} - E:\dvd_rom.exe
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\MountPoints2: {22b7f11c-5cb9-11e0-bb92-806e6f6e6963} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\MountPoints2: {89ec278b-78cd-11df-8e2d-001d72d6e46f} - G:\HPLauncher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3144670501-793434127-3194825423-1000 -> Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKU\S-1-5-21-3144670501-793434127-3194825423-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll [2011-02-08] (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-21] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://yahoo.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-04-10]
FF Extension: Ghostery - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\firefox@ghostery.com.xpi [2014-08-29]
FF Extension: Adblock Plus - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2014-06-25] (SEIKO EPSON CORPORATION)
S3 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [28624 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2014-11-10] (IObit)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2008-12-13] () [File not signed]
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2014-11-10] (IObit.com)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2014-11-10] (IObit.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 02:04 - 2015-06-24 02:04 - 00013264 _____ C:\Users\Dale\Desktop\FRST.txt
2015-06-24 02:03 - 2015-06-24 02:04 - 00000000 ____D C:\FRST
2015-06-24 02:02 - 2015-06-24 02:02 - 01148928 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2015-06-22 21:18 - 2015-06-22 22:22 - 00000000 ____D C:\AdwCleaner
2015-06-22 19:55 - 2015-06-22 19:55 - 00049180 _____ C:\Users\Dale\Desktop\Registry Scan Report.txt
2015-06-10 03:02 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:01 - 2015-05-21 10:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:50 - 2015-05-08 19:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 19:47 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:47 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:47 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 19:47 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:47 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:47 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 19:47 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 19:47 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 19:47 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 19:45 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 19:45 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 19:45 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 19:45 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 19:45 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-02 22:58 - 2015-06-04 00:06 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 02:04 - 2012-07-25 19:06 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000UA.job
2015-06-24 02:00 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 02:00 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 01:42 - 2009-01-26 05:20 - 01323807 _____ C:\Windows\WindowsUpdate.log
2015-06-24 01:06 - 2014-12-12 00:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 01:06 - 2012-12-18 21:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 01:06 - 2011-08-04 07:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-24 00:19 - 2006-11-02 06:33 - 00763018 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 00:13 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 17:28 - 2006-11-02 09:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-23 17:24 - 2014-12-02 19:02 - 00000000 ____D C:\Users\Dale\Desktop\Price Match
2015-06-22 23:33 - 2015-02-13 02:40 - 00000000 ____D C:\Users\Dale\AppData\Roaming\ProductData
2015-06-22 23:33 - 2009-01-25 16:27 - 00000000 ____D C:\Users\Dale
2015-06-22 23:33 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-22 23:33 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2015-06-22 23:33 - 2006-11-02 06:22 - 51642368 _____ C:\Windows\system32\config\software_previous
2015-06-22 23:33 - 2006-11-02 06:22 - 39321600 _____ C:\Windows\system32\config\system_previous
2015-06-22 23:32 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2015-06-22 23:25 - 2006-11-02 06:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2015-06-22 23:25 - 2006-11-02 06:22 - 00024576 _____ C:\Windows\system32\config\security_previous
2015-06-22 22:24 - 2011-07-22 22:44 - 00000000 ____D C:\ProgramData\MFAData
2015-06-22 21:37 - 2011-07-22 22:49 - 00000000 ____D C:\ProgramData\AVG10
2015-06-22 21:37 - 2011-07-17 07:44 - 00225166 _____ C:\Windows\PFRO.log
2015-06-22 20:14 - 2008-04-30 05:54 - 00000147 _____ C:\Windows\system32\agent.log
2015-06-22 19:23 - 2006-11-02 06:22 - 46399488 _____ C:\Windows\system32\config\components_previous
2015-06-22 19:23 - 2006-11-02 06:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-06-10 17:22 - 2006-11-02 08:47 - 00298656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 19:46 - 2013-07-20 02:29 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 19:46 - 2006-11-02 06:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-09 02:24 - 2011-02-08 02:36 - 00000650 _____ C:\Users\Dale\AppData\Roaming\wklnhst.dat
2015-06-05 02:44 - 2009-09-23 00:20 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Skype
2015-06-04 15:57 - 2010-07-18 14:56 - 00000000 ___RD C:\Users\Dale\Incomplete
2015-06-04 15:54 - 2012-09-20 14:14 - 00000000 ____D C:\Users\Dale\.frostwire5
2015-06-04 15:41 - 2014-10-17 19:22 - 00000000 ____D C:\Users\Dale\Desktop\School
2015-06-04 00:06 - 2012-07-25 19:06 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000Core.job
2015-06-04 00:06 - 2012-04-26 00:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-01 17:01 - 2015-02-19 12:50 - 00000380 _____ C:\Windows\Tasks\AWC AutoCare.job

==================== Files in the root of some directories =======

2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-27 21:31 - 2012-09-27 21:31 - 0001147 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-02-27 05:10 - 2014-03-20 06:04 - 0000231 _____ () C:\Users\Dale\AppData\Roaming\Rim.Transcoder.Exception.log
2011-02-08 02:36 - 2015-06-09 02:24 - 0000650 _____ () C:\Users\Dale\AppData\Roaming\wklnhst.dat
2009-07-05 00:42 - 2012-10-19 02:23 - 0001356 _____ () C:\Users\Dale\AppData\Local\d3d9caps.dat
2014-03-20 05:20 - 2014-10-14 02:22 - 0039424 _____ () C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-25 16:37 - 2009-01-25 16:38 - 0091992 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20090125.log
2011-07-21 01:18 - 2011-07-21 01:19 - 0147408 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20110721.log
2010-08-12 07:21 - 2011-07-21 02:45 - 0000000 _____ () C:\Users\Dale\AppData\Local\prvlcl.dat
2012-04-24 19:42 - 2012-04-24 19:44 - 0003320 _____ () C:\Users\Dale\AppData\Local\rogerscookie
2009-09-23 00:22 - 2009-09-23 00:22 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-08 16:34 - 2010-01-08 16:34 - 0007256 _____ () C:\ProgramData\N360BUOptions.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 00:28

==================== End of log ============================

 

[KKimble]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Dale at 2015-06-24 02:05:17
Running from C:\Users\Dale\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3144670501-793434127-3194825423-500 - Administrator - Disabled)
Dale (S-1-5-21-3144670501-793434127-3194825423-1000 - Administrator - Enabled) => C:\Users\Dale
Guest (S-1-5-21-3144670501-793434127-3194825423-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Out of date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced SystemCare 3 (HKLM\...\Advanced SystemCare 3_is1) (Version: 3.7.3 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1411 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1415 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1424 - AVG Technologies) Hidden
BearShare (HKLM\...\BearShare) (Version: 12.0.0.134600 - Musiclab, LLC)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version: - SEIKO EPSON Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FrostWire 6.0.7 (HKLM\...\FrostWire 6) (Version: 6.0.7.4 - FrostWire LLC)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
IObit Malware Fighter 3 (HKLM\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.55.3.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6322 - NewTech Infosystems) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StudioTax 2013 (HKLM\...\{8D18F314-6668-4E2F-936A-70025F2D40C7}) (Version: 9.1.7.0 - BHOK IT Consulting)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No Filepath

==================== Restore Points =========================

21-06-2015 14:02:46 Restore Operation
21-06-2015 14:32:33 Windows Update
21-06-2015 15:39:14 Restore Operation
21-06-2015 16:00:08 Windows Update
21-06-2015 17:22:19 Restore Operation
22-06-2015 16:53:54 Restore Operation
22-06-2015 19:50:03 Windows Update
22-06-2015 20:29:51 Removed AVG 2011

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E652846-4486-4FB0-81E2-AD45CE5A8805} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {76B2689C-627C-4A0B-B17C-70E54857A832} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000Core => C:\Users\Dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7B6079D5-842E-4801-96BF-286CB4D3FDC7} - System32\Tasks\AWC AutoCare => C:\Program Files\IObit\Advanced SystemCare 3\AutoCare.exe [2010-01-22] (IObit)
Task: {88C17DE1-2F8C-4D25-A035-2067152EFB7C} - System32\Tasks\{459B19C3-ADE4-4DA6-AE75-AB606A76100D} => pcalua.exe -a C:\Users\Dale\Pictures\MP10Setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8B138EAB-A157-41D7-B89A-C41E6A4D3492} - System32\Tasks\{AE2DA9EE-362D-4A49-8FE4-20E9561F5F22} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {8CA173C4-9CB2-493D-B5DD-B410A62AB0A4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000UA => C:\Users\Dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9CFFFDF0-6AF6-42B4-8AA9-AFABB39505E3} - System32\Tasks\{C6D949DF-AE47-48EF-87EE-B54BD9AC7D12} => pcalua.exe -a C:\Users\Dale\Pictures\MP10Setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {A462787A-EAA5-4DB5-879D-7CD2E66A4782} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dale => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A4BADB48-0AFE-427C-9405-43F51308F095} - System32\Tasks\{FFF16A5D-303A-4AA0-AA20-82DC0D1E162E} => pcalua.exe -a E:\Sims2DoubleDeluxe_uninst.exe -d E:\
Task: {F060B5CD-AC9E-41AD-B482-DFB0C25E0373} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {FE937C5B-BE95-47BC-95D4-149075CAA287} - System32\Tasks\{5BE699E8-84B5-4640-8E3C-B38EF1C0471C} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AWC AutoCare.job => C:\Program Files\IObit\Advanced SystemCare 3\AutoCare.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000Core.job => C:\Users\Dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3144670501-793434127-3194825423-1000UA.job => C:\Users\Dale\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-01-25 16:42 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-25 16:42 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2015-06-24 01:06 - 2015-06-24 01:06 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4952 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: ArcadeDeluxeAgent =>
MSCONFIG\startupreg: AutoStartNPSAgent =>
MSCONFIG\startupreg: AVG9_TRAY =>
MSCONFIG\startupreg: AVG_TRAY => C:\Program Files\AVG\AVG10\avgtray.exe
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer =>
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: eDataSecurity Loader =>
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: ePower_DMC =>
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: MSSE => "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PlayMovie =>
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: QuickTime Plugin Install => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Skytel => Skytel.exe
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{D96831D0-CC53-4431-93DF-12540E7B4B56}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A9040098-4CFE-4906-BCF6-B3995F1428DE}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{43ED8461-8264-41CF-A543-E155F7D1C18B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7A345D19-4342-4FF5-9267-2E3B9E92DA01}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{782B1532-616A-4555-933B-0D7A609CB435}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{CBFCEE09-B268-40D0-9B98-8253B9881C48}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{0F388B47-814E-4F3F-82B2-859760D32881}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [TCP Query User{02A73F59-0CE5-42DA-9244-C1621584DC74}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A181BEE0-910D-45F5-9E76-4C52078BBA42}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7ED23C7C-332C-46F3-B042-FC120E681AA2}] => (Allow) svchost.exe
FirewallRules: [{FD7E183A-BB57-40C8-BD78-3DB69DA0798A}] => (Allow) LPort=80
FirewallRules: [{CC526EDB-19C9-412B-9E36-7138A1F6EA0E}] => (Allow) LPort=80
FirewallRules: [{BEE08D17-F826-4F1A-B428-2F60F4A0F8D7}] => (Allow) LPort=80
FirewallRules: [{BACE67D1-27C4-4C2C-AD6B-0A434CB73BA8}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{7BA2D625-8B4B-4FD9-9A0D-3AD3A9524404}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{56336479-9737-4FFE-8855-918D7F9C9FBD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DD607388-D62F-4111-AB7F-5F425F6834A5}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A387A9DE-08E2-4D72-B51E-9300D996A556}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7E086363-D096-4BC5-8180-A3282A5428AE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D68679D9-B780-41DC-ADAF-6E612F319B8D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C9CF640F-13DD-41A7-9D8F-CE726782E236}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B83F0FAC-1B5E-4F53-9F88-BA95E060C321}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{11F8C88E-22A9-4159-B2C1-EC9F16779F11}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{9F6D66FA-766E-4B94-8EEE-FEFF60F641AC}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{E404DEC5-0DB3-4E68-8156-0EC707A5928D}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{14D17D38-9566-45AA-A679-265382624BBC}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{584EB9BC-7127-4721-A8DE-5F6695981C65}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{A9897707-6CBD-4577-96B5-190E3F64E8A5}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{D5DFA828-2EDF-48E6-9214-0DE1E4BBD070}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{3C7E5A60-00F0-4B5E-99C4-EE789FEE5557}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{9E0B2BB4-38A8-4BC5-A1EE-8691BAB10217}] => (Allow) svchost.exe
FirewallRules: [{DE73DD72-30B0-4256-9A95-1D0A571254ED}] => (Allow) C:\Program Files\FrostWire\FrostWire.exe
FirewallRules: [{CB1F1EAA-FB90-4370-9B20-B67D151CB612}] => (Allow) C:\Program Files\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{26DEC40E-E861-40CB-A0FA-B97443253640}C:\program files\frostwire\frostwire.exe] => (Block) C:\program files\frostwire\frostwire.exe
FirewallRules: [UDP Query User{F85B39CE-932A-4367-83F0-E13A32D78027}C:\program files\frostwire\frostwire.exe] => (Block) C:\program files\frostwire\frostwire.exe
FirewallRules: [TCP Query User{006E1401-1F8F-4EF5-8EAD-6DB57ACDB3CA}C:\program files\rogers\rogers one number\rogersonenumber.exe] => (Allow) C:\program files\rogers\rogers one number\rogersonenumber.exe
FirewallRules: [UDP Query User{0AD2F68B-E1C6-45DE-890F-585FF498E92E}C:\program files\rogers\rogers one number\rogersonenumber.exe] => (Allow) C:\program files\rogers\rogers one number\rogersonenumber.exe
FirewallRules: [TCP Query User{4D72A92C-4A5E-463C-8B29-FB09E9D680CD}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{B12173E9-92A5-4E2A-B198-7E3C7831DE23}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{67EA706C-7BA4-4DCE-B03A-FFCE0B479A3D}C:\program files\frostwire 5\frostwire.exe] => (Block) C:\program files\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{5EED698D-66CD-4228-A3B5-E5D537431E5E}C:\program files\frostwire 5\frostwire.exe] => (Block) C:\program files\frostwire 5\frostwire.exe
FirewallRules: [{4C073957-B916-4F17-8810-BB6389DC9630}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{7917CF22-5E36-453A-B6FE-B0BC8F582881}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{C892A4BF-25B9-46E0-9B42-9F1FF1043691}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{99835B51-E93A-4807-824F-A29DAB4DBF88}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2EBF4329-8003-4652-9484-B3066F935589}] => (Allow) LPort=4481
FirewallRules: [{8913A08E-A97D-4EB6-B123-7DCB9F3A6B57}] => (Allow) LPort=4481
FirewallRules: [{E9D1A187-D8FB-47BC-8EEC-3BAE32D766E0}] => (Allow) LPort=4482
FirewallRules: [{E7C22CAB-245F-4648-9F49-B88C118A1808}] => (Allow) LPort=4482
FirewallRules: [{F0997C44-BA8C-4AD2-89EB-894382A3EE6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{151A665F-9CCB-4E2D-8881-699B98A6E02F}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{10A30EBE-D4BB-41E1-A806-6029CDD96ECC}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{FF202521-EA8A-4FD6-B47B-090B87D05EB7}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{E08795A5-0821-40FE-ACF8-D4E8C50C7FB6}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{A2572CBC-05F8-4BF4-A922-5FB532AD01A1}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{0A731BC3-13D9-4DAE-9F3F-A22814271D8B}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{3FDC47B8-ED94-4701-B7A7-FCB0793A0E43}] => (Allow) C:\Users\Dale\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{50D1D51E-791B-4A31-B5A3-FF8BAC7650F6}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{19D9DB35-8934-4977-B586-44719616AF34}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C7BB032C-B472-4EDB-9F69-4FB761F5FA94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{7DB59092-B79B-4746-BE7F-8669D8711736}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{36669886-1431-4090-9800-B56130714205}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1B40E914-45AB-49AF-A199-12F5B4A57C08}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{C4D0B3C2-63BD-4E34-872E-8B9C849387E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42912EDA-30C2-485E-BBA9-A850B39160A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45CB51E0-CE17-4C92-8042-91CD5C870A84}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{156D555D-1624-4CB1-A2A8-8D051C6D5C7C}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2F895A2B-F01F-4817-B905-68D51CF9EF76}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6B63475E-135D-43CE-B1CB-7B7FB8E229B7}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{616B726B-BC02-413C-92CF-39FBF470CE8D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1C3A1DF6-B549-4552-ADC9-16ECCFAB4479}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB223C7-6C95-4756-A403-614196119A78}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 00:13:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 05:19:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 01:31:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 11:40:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 10:25:26 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid

Error: (06/22/2015 10:25:26 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid

Error: (06/22/2015 09:37:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 07:36:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2015 07:36:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -551

Error: (06/22/2015 07:36:25 PM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1496) Catalog Database: Database recovery/restore failed with unexpected error -551.


System errors:
=============
Error: (06/24/2015 00:14:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/24/2015 00:13:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/24/2015 00:13:32 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/24/2015 00:11:31 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2015 05:20:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/23/2015 05:20:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/23/2015 05:19:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/23/2015 05:19:00 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2015 05:17:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/23/2015 01:32:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-06-24 02:04:42.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:41.204
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:39.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:39.055
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:28.471
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:27.669
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:26.866
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:26.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSEH.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:25.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-24 02:04:24.305
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AVGIDSDriver.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3000.12 MB
Available physical RAM: 1229.39 MB
Total Pagefile: 6244.48 MB
Available Pagefile: 4532.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.56 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:36.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:105.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: E199D812)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.6 GB) - (Type=07 NTFS)

==================== End of log ============================

 

[KKimble]

Please let me know if I did posted this correctly. I now just had my webpage redirected to a site, telling me to call a number to get rid of my malware/adware. Thank you for your help!

 

[Broni]

You're running two AV programs, AVG and MSE.
You must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[KKimble]

Currently doing the Malwarebytes process, but here is the RogueKiller log.

RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Dale [Administrator]
Started from : C:\Users\Dale\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/24/2015 21:29:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735 -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E28A700D-C329-4ADB-9C7F-07830A324F9D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E28A700D-C329-4ADB-9C7F-07830A324F9D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E28A700D-C329-4ADB-9C7F-07830A324F9D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E28A700D-C329-4ADB-9C7F-07830A324F9D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] baf5009d6f612e015f9ee3111d7a1981
[BSP] 4a3937331eb0ecf84d4f316c02d825bc : Acer|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 114243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 254451712 | Size: 114230 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06242015_212625.log

 

[KKimble]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/06/2015
Scan Time: 9:34:42 PM
Logfile: first scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.24.05
Rootkit Database: v2015.06.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Dale

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326803
Time Elapsed: 24 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.OpenCandy, C:\Users\Dale\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.3.windows.exe, Quarantined, [7d08823ccfbba98d629ba0cffa0c6f91],
PUP.Optional.OpenCandy, C:\Users\Dale\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.4.windows.exe, Quarantined, [0085b8066c1e42f4fffe0d6246c0c53b],
PUP.Optional.OpenCandy, C:\Users\Dale\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe, Quarantined, [5b2af2ccccbed26435c80f606d99b749],
PUP.Optional.OpenCandy, C:\Users\Dale\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.8.windows.exe, Quarantined, [0c798b33e2a8211552abc5aaad5907f9],
PUP.Optional.OpenCandy, C:\Program Files\FrostWire\frostwire-installer.exe, Quarantined, [72133688e7a325119469fb74778f6799],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[KKimble]

# AdwCleaner v4.207 - Logfile created 24/06/2015 at 22:10:05
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Dale - DALE-PC
# Running from : C:\Users\Dale\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [3127 bytes] - [22/06/2015 21:18:07]
AdwCleaner[R1].txt - [3186 bytes] - [22/06/2015 21:23:29]
AdwCleaner[R2].txt - [3245 bytes] - [22/06/2015 21:33:16]
AdwCleaner[R3].txt - [1000 bytes] - [22/06/2015 22:21:47]
AdwCleaner[R4].txt - [1059 bytes] - [24/06/2015 22:08:39]
AdwCleaner[S0].txt - [3147 bytes] - [22/06/2015 21:34:27]
AdwCleaner[S1].txt - [986 bytes] - [24/06/2015 22:10:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1044 bytes] ##########

 

[KKimble]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.3 (06.24.2015:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Dale on 24/06/2015 at 22:17:12.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Program Files\mozilla firefox\defaults\pref\channel-prefs.js



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{40F72BAB-0139-46FD-A90C-F3096FBD17DF}
Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{A94F3DA8-53B0-496E-8183-AD8CCDB1066F}
Successfully deleted: [Empty Folder] C:\Users\Dale\appdata\local\{F92FD7DC-8685-4FA0-ABAB-9AA2C95C9B32}
Successfully deleted: [Folder] C:\Users\Dale\AppData\Roaming\productdata



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/06/2015 at 22:19:40.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[KKimble]

I forgot about Malwarebytes being installed, should I disable it and redo the Combofix?


ComboFix 15-06-24.02 - Dale 24/06/2015 23:55:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.1933 [GMT -4:00]
Running from: c:\users\Dale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Dale\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2015-05-25 to 2015-06-25 )))))))))))))))))))))))))))))))
.
.
2015-06-25 04:01 . 2015-06-25 04:15 -------- d-----w- c:\users\Dale\AppData\Local\temp
2015-06-25 02:18 . 2015-06-25 02:18 -------- d-----w- c:\users\Dale\AppData\Local\CrashDumps
2015-06-25 02:17 . 2015-06-25 02:17 -------- d-----w- C:\RegBackup
2015-06-25 01:33 . 2015-06-25 04:15 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-25 01:32 . 2015-04-14 13:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-25 01:32 . 2015-04-14 13:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-25 01:32 . 2015-06-25 01:32 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-25 01:32 . 2015-06-25 01:32 -------- d-----w- c:\programdata\Malwarebytes
2015-06-25 01:32 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-25 01:17 . 2015-06-25 01:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-25 01:17 . 2015-06-25 01:53 -------- d-----w- c:\programdata\RogueKiller
2015-06-24 06:03 . 2015-06-25 01:09 -------- d-----w- C:\FRST
2015-06-24 04:26 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E467FECF-EFB0-475E-8132-0EE62436D3EA}\mpengine.dll
2015-06-23 01:18 . 2015-06-25 02:10 -------- d-----w- C:\AdwCleaner
2015-06-22 23:52 . 2015-04-10 06:32 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36128D09-E4D7-4201-AFB0-79FD0191141E}\gapaengine.dll
2015-06-19 05:48 . 2015-04-10 06:32 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-10 07:02 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 07:01 . 2015-05-21 14:22 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-09 23:45 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-09 23:45 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-09 23:45 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-09 23:45 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-06-09 23:45 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-06-09 23:45 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-06-09 23:45 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-24 05:06 . 2012-12-19 01:04 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-24 05:06 . 2011-08-04 11:04 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-03 03:42 . 2010-01-10 02:06 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-30 16:03 . 2015-05-13 18:30 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-13 18:25 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-19 21:24 . 2015-05-13 18:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24 . 2015-05-13 18:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-19 21:24 . 2015-05-13 18:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-19 21:24 . 2015-05-13 18:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-04-19 20:19 . 2015-05-13 18:28 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-04-19 20:18 . 2015-05-13 18:28 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-19 20:13 . 2015-05-13 18:28 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-04-19 20:12 . 2015-05-13 18:28 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 20:12 . 2015-05-13 18:28 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22 . 2015-05-13 07:03 279552 ----a-w- c:\windows\system32\services.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...C1DSUQ2NSsyLUNJRDY1Tisx&prod=90&ver=10.0.1427" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 23:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 23:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-09-10 22:02 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 23:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 15:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
2011-01-19 04:00 86016 ----a-w- c:\program files\QuickTime\Plugins\DeleteMe1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 19:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-07-28 22:23 9398888 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:24 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-12-18 03:12 508800 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 18:08 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 05:06]
.
2015-06-01 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2010-09-08 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.ca/
FF - ExtSQL: !HIDDEN! 2009-09-03 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-Skytel - Skytel.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-25 00:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\agrsmsvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2015-06-25 00:19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-25 04:19
.
Pre-Run: 40,113,537,024 bytes free
Post-Run: 40,079,196,160 bytes free
.
- - End Of File - - 8287EE68CFDB442B3558AACCD861AEA5
6FC6F9186C07BCA94E140F63BFE6E9B4

 

[KKimble]

Went back and made sure Malwarebytes was disabled, as well as another malware program/Windows Firewall, and did Combofix again. Here is the log.


ComboFix 15-06-24.02 - Dale 25/06/2015 0:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.1942 [GMT -4:00]
Running from: c:\users\Dale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-05-25 to 2015-06-25 )))))))))))))))))))))))))))))))
.
.
2015-06-25 04:40 . 2015-06-25 04:43 -------- d-----w- c:\users\Dale\AppData\Local\temp
2015-06-25 04:40 . 2015-06-25 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-25 04:28 . 2015-06-25 04:28 -------- d-----w- c:\users\Dale\AppData\Roaming\ProductData
2015-06-25 02:18 . 2015-06-25 02:18 -------- d-----w- c:\users\Dale\AppData\Local\CrashDumps
2015-06-25 02:17 . 2015-06-25 02:17 -------- d-----w- C:\RegBackup
2015-06-25 01:33 . 2015-06-25 04:25 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-25 01:32 . 2015-04-14 13:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-25 01:32 . 2015-04-14 13:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-25 01:32 . 2015-06-25 01:32 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-25 01:32 . 2015-06-25 01:32 -------- d-----w- c:\programdata\Malwarebytes
2015-06-25 01:32 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-25 01:17 . 2015-06-25 01:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-25 01:17 . 2015-06-25 01:53 -------- d-----w- c:\programdata\RogueKiller
2015-06-24 06:03 . 2015-06-25 01:09 -------- d-----w- C:\FRST
2015-06-24 04:26 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E467FECF-EFB0-475E-8132-0EE62436D3EA}\mpengine.dll
2015-06-23 01:18 . 2015-06-25 02:10 -------- d-----w- C:\AdwCleaner
2015-06-22 23:52 . 2015-04-10 06:32 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36128D09-E4D7-4201-AFB0-79FD0191141E}\gapaengine.dll
2015-06-19 05:48 . 2015-04-10 06:32 740840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-10 07:02 . 2015-04-24 15:54 532480 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 07:01 . 2015-05-21 14:22 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-06-09 23:45 . 2015-05-04 22:50 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-06-09 23:45 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-06-09 23:45 . 2015-05-04 22:50 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-06-09 23:45 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2015-06-09 23:45 . 2015-05-04 21:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2015-06-09 23:45 . 2015-05-04 21:21 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2015-06-09 23:45 . 2015-05-04 21:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-24 05:06 . 2012-12-19 01:04 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-24 05:06 . 2011-08-04 11:04 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-03 03:42 . 2010-01-10 02:06 9265072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-30 16:03 . 2015-05-13 18:30 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-13 18:25 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-19 21:24 . 2015-05-13 18:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-19 21:24 . 2015-05-13 18:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-19 21:24 . 2015-05-13 18:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-19 21:24 . 2015-05-13 18:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-04-19 20:19 . 2015-05-13 18:28 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-04-19 20:18 . 2015-05-13 18:28 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-19 20:13 . 2015-05-13 18:28 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-04-19 20:12 . 2015-05-13 18:28 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-04-19 20:12 . 2015-05-13 18:28 801792 ----a-w- c:\windows\system32\FntCache.dll
2015-04-14 06:35 . 2015-04-14 06:35 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 06:35 . 2015-04-14 06:35 536776 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-04-10 23:22 . 2015-05-13 07:03 279552 ----a-w- c:\windows\system32\services.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...C1DSUQ2NSsyLUNJRDY1Tisx&prod=90&ver=10.0.1427" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 23:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 23:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-09-10 22:02 809480 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 23:26 172568 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 15:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Plugin Install]
2011-01-19 04:00 86016 ----a-w- c:\program files\QuickTime\Plugins\DeleteMe1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 19:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-07-28 22:23 9398888 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:24 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-12-18 03:12 508800 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 18:08 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2008-01-21 02:23 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 05:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.ca/
FF - ExtSQL: !HIDDEN! 2009-09-03 17:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-25 00:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\agrsmsvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2015-06-25 00:48:17 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-25 04:48
ComboFix2.txt 2015-06-25 04:19
.
Pre-Run: 40,175,579,136 bytes free
Post-Run: 40,036,855,808 bytes free
.
- - End Of File - - 411B44789BF5DF527FFE22CFE15B9F13
6FC6F9186C07BCA94E140F63BFE6E9B4

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[KKimble]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by Dale (administrator) on DALE-PC on 26-06-2015 01:40:55
Running from C:\Users\Dale\Desktop
Loaded Profiles: Dale (Available Profiles: Dale)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-20] (Microsoft Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...VZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjc5Njk2MzYyLUZMKzktRERUKzE5NDA4LUZMMTArMS1MU0QrMi1GMTBNMTJEV (the data entry has 189 more characters).

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0109&m=aspire_5735
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3144670501-793434127-3194825423-1000 -> Yahoo! URL = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKU\S-1-5-21-3144670501-793434127-3194825423-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-21] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://yahoo.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-12] (Apple Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-06-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-04-10]
FF Extension: Ghostery - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\firefox@ghostery.com.xpi [2014-08-29]
FF Extension: Adblock Plus - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pawquoac.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2014-06-25] (SEIKO EPSON CORPORATION)
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2010-11-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [206360 2010-11-11] (Microsoft Corporation)
S4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2008-12-13] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165264 2010-10-24] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2010-10-24] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 01:40 - 2015-06-26 01:42 - 00011713 _____ C:\Users\Dale\Desktop\FRST.txt
2015-06-25 00:48 - 2015-06-25 00:48 - 00013315 _____ C:\ComboFix.txt
2015-06-25 00:28 - 2015-06-25 00:28 - 00000000 ____D C:\Users\Dale\AppData\Roaming\ProductData
2015-06-24 23:53 - 2015-06-25 00:48 - 00000000 ____D C:\Qoobox
2015-06-24 23:53 - 2015-06-25 00:43 - 00000000 ____D C:\Windows\erdnt
2015-06-24 23:53 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-24 23:53 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-24 23:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-24 23:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-24 23:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-24 23:53 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-24 23:53 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-24 23:53 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-24 23:49 - 2015-06-24 23:49 - 05630239 ____R (Swearware) C:\Users\Dale\Desktop\ComboFix.exe
2015-06-24 22:18 - 2015-06-24 22:18 - 00000000 ____D C:\Users\Dale\AppData\Local\CrashDumps
2015-06-24 22:17 - 2015-06-24 22:17 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DALE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-06-24 22:17 - 2015-06-24 22:17 - 00000000 ____D C:\RegBackup
2015-06-24 22:15 - 2015-06-24 22:15 - 02951730 _____ (Malwarebytes Corporation) C:\Users\Dale\Desktop\JRT.exe
2015-06-24 22:07 - 2015-06-24 22:08 - 02244096 _____ C:\Users\Dale\Desktop\adwcleaner_4.207.exe
2015-06-24 22:04 - 2015-06-24 22:04 - 00001805 _____ C:\first scan.txt
2015-06-24 21:33 - 2015-06-25 00:25 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-24 21:32 - 2015-06-24 21:32 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-24 21:32 - 2015-06-24 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-24 21:32 - 2015-06-24 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-24 21:32 - 2015-06-24 21:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-24 21:32 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-24 21:32 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-24 21:32 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-24 21:17 - 2015-06-24 21:53 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-24 21:17 - 2015-06-24 21:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-24 21:11 - 2015-06-24 21:12 - 17679608 _____ C:\Users\Dale\Desktop\RogueKiller.exe
2015-06-24 02:03 - 2015-06-26 01:41 - 00000000 ____D C:\FRST
2015-06-24 02:02 - 2015-06-24 21:08 - 01636352 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2015-06-22 21:18 - 2015-06-24 22:10 - 00000000 ____D C:\AdwCleaner
2015-06-10 03:02 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 03:01 - 2015-05-21 10:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:50 - 2015-05-08 19:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 19:47 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:47 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:47 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 19:47 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:47 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:47 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:47 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 19:47 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 19:47 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 19:47 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:47 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 19:47 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 19:45 - 2015-05-04 18:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 19:45 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 19:45 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 19:45 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 19:45 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-02 22:58 - 2015-06-04 00:06 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-26 01:41 - 2009-01-26 05:20 - 01462432 _____ C:\Windows\WindowsUpdate.log
2015-06-26 01:06 - 2014-12-12 00:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-26 00:26 - 2006-11-02 06:33 - 00763018 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 00:20 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 00:20 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 00:20 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-25 17:35 - 2006-11-02 09:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-25 17:04 - 2014-12-02 19:02 - 00000000 ____D C:\Users\Dale\Desktop\Price Match
2015-06-25 00:43 - 2011-07-17 07:44 - 00229980 _____ C:\Windows\PFRO.log
2015-06-25 00:43 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2015-06-25 00:19 - 2006-11-02 07:18 - 00000000 __RHD C:\Users\Default
2015-06-25 00:19 - 2006-11-02 07:18 - 00000000 ___RD C:\Users\Public
2015-06-24 21:59 - 2015-04-10 16:22 - 00000000 ____D C:\Program Files\FrostWire
2015-06-24 21:59 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\security
2015-06-24 20:54 - 2010-08-08 19:08 - 00000000 ____D C:\Program Files\AVG
2015-06-24 01:06 - 2012-12-18 21:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-24 01:06 - 2011-08-04 07:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-22 23:33 - 2009-01-25 16:27 - 00000000 ____D C:\Users\Dale
2015-06-22 23:33 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\system32\spool
2015-06-22 23:33 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2015-06-22 23:33 - 2006-11-02 06:22 - 51642368 _____ C:\Windows\system32\config\software_previous
2015-06-22 23:33 - 2006-11-02 06:22 - 39321600 _____ C:\Windows\system32\config\system_previous
2015-06-22 23:32 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\registration
2015-06-22 23:25 - 2006-11-02 06:22 - 00057344 _____ C:\Windows\system32\config\sam_previous
2015-06-22 23:25 - 2006-11-02 06:22 - 00024576 _____ C:\Windows\system32\config\security_previous
2015-06-22 20:14 - 2008-04-30 05:54 - 00000147 _____ C:\Windows\system32\agent.log
2015-06-22 19:23 - 2006-11-02 06:22 - 46399488 _____ C:\Windows\system32\config\components_previous
2015-06-22 19:23 - 2006-11-02 06:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-06-10 17:22 - 2006-11-02 08:47 - 00298656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 19:46 - 2013-07-20 02:29 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 19:46 - 2006-11-02 06:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-09 02:24 - 2011-02-08 02:36 - 00000650 _____ C:\Users\Dale\AppData\Roaming\wklnhst.dat
2015-06-05 02:44 - 2009-09-23 00:20 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Skype
2015-06-04 15:57 - 2010-07-18 14:56 - 00000000 ___RD C:\Users\Dale\Incomplete
2015-06-04 15:54 - 2012-09-20 14:14 - 00000000 ____D C:\Users\Dale\.frostwire5
2015-06-04 15:41 - 2014-10-17 19:22 - 00000000 ____D C:\Users\Dale\Desktop\School
2015-06-04 00:06 - 2012-04-26 00:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-27 21:31 - 2012-09-27 21:31 - 0001147 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-02-27 05:10 - 2014-03-20 06:04 - 0000231 _____ () C:\Users\Dale\AppData\Roaming\Rim.Transcoder.Exception.log
2011-02-08 02:36 - 2015-06-09 02:24 - 0000650 _____ () C:\Users\Dale\AppData\Roaming\wklnhst.dat
2009-07-05 00:42 - 2012-10-19 02:23 - 0001356 _____ () C:\Users\Dale\AppData\Local\d3d9caps.dat
2014-03-20 05:20 - 2014-10-14 02:22 - 0039424 _____ () C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-25 16:37 - 2009-01-25 16:38 - 0091992 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20090125.log
2011-07-21 01:18 - 2011-07-21 01:19 - 0147408 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20110721.log
2010-08-12 07:21 - 2011-07-21 02:45 - 0000000 _____ () C:\Users\Dale\AppData\Local\prvlcl.dat
2012-04-24 19:42 - 2012-04-24 19:44 - 0003320 _____ () C:\Users\Dale\AppData\Local\rogerscookie
2009-09-23 00:22 - 2009-09-23 00:22 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-08 16:34 - 2010-01-08 16:34 - 0007256 _____ () C:\ProgramData\N360BUOptions.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-26 00:35

==================== End of log ============================

 

[KKimble]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Dale at 2015-06-26 01:42:46
Running from C:\Users\Dale\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3144670501-793434127-3194825423-500 - Administrator - Disabled)
Dale (S-1-5-21-3144670501-793434127-3194825423-1000 - Administrator - Enabled) => C:\Users\Dale
Guest (S-1-5-21-3144670501-793434127-3194825423-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Crystal Eye Webcam 2.0.8 (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.0.8 - SuYin)
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced SystemCare 3 (HKLM\...\Advanced SystemCare 3_is1) (Version: 3.7.3 - IObit)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BearShare (HKLM\...\BearShare) (Version: 12.0.0.134600 - Musiclab, LLC)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
EPSON Artisan 730 Series Printer Uninstall (HKLM\...\EPSON Artisan 730 Series) (Version: - SEIKO EPSON Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FrostWire 6.0.7 (HKLM\...\FrostWire 6) (Version: 6.0.7.4 - FrostWire LLC)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.55.3.3 - Marvell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6322 - NewTech Infosystems) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
StudioTax 2013 (HKLM\...\{8D18F314-6668-4E2F-936A-70025F2D40C7}) (Version: 9.1.7.0 - BHOK IT Consulting)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No Filepath

==================== Restore Points =========================

21-06-2015 16:00:08 Windows Update
21-06-2015 17:22:19 Restore Operation
22-06-2015 16:53:54 Restore Operation
22-06-2015 19:50:03 Windows Update
22-06-2015 20:29:51 Removed AVG 2011
24-06-2015 23:29:03 Scheduled Checkpoint
25-06-2015 15:52:36 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-06-25 00:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {77D7B984-425B-4C11-AC09-266B84406D0F} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {88C17DE1-2F8C-4D25-A035-2067152EFB7C} - System32\Tasks\{459B19C3-ADE4-4DA6-AE75-AB606A76100D} => pcalua.exe -a C:\Users\Dale\Pictures\MP10Setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {8B138EAB-A157-41D7-B89A-C41E6A4D3492} - System32\Tasks\{AE2DA9EE-362D-4A49-8FE4-20E9561F5F22} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {9CFFFDF0-6AF6-42B4-8AA9-AFABB39505E3} - System32\Tasks\{C6D949DF-AE47-48EF-87EE-B54BD9AC7D12} => pcalua.exe -a C:\Users\Dale\Pictures\MP10Setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {A462787A-EAA5-4DB5-879D-7CD2E66A4782} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dale => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {A4BADB48-0AFE-427C-9405-43F51308F095} - System32\Tasks\{FFF16A5D-303A-4AA0-AA20-82DC0D1E162E} => pcalua.exe -a E:\Sims2DoubleDeluxe_uninst.exe -d E:\
Task: {F060B5CD-AC9E-41AD-B482-DFB0C25E0373} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {FE937C5B-BE95-47BC-95D4-149075CAA287} - System32\Tasks\{5BE699E8-84B5-4640-8E3C-B38EF1C0471C} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2009-01-25 16:42 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-25 16:42 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3144670501-793434127-3194825423-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4952 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3144670501-793434127-3194825423-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dale\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LManager => C:\PROGRA~1\LAUNCH~1\LManager.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: QuickTime Plugin Install => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdSync.exe
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{55E5AC1D-E66C-4A6D-AB6E-40A1926AA6D5}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{5B94FB7E-4F9E-4B8F-BE1F-9FE57EAFC1EE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{D96831D0-CC53-4431-93DF-12540E7B4B56}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{A9040098-4CFE-4906-BCF6-B3995F1428DE}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{43ED8461-8264-41CF-A543-E155F7D1C18B}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{7A345D19-4342-4FF5-9267-2E3B9E92DA01}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{0B538B91-DA99-4709-B4D4-0B6AC6ADA895}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{782B1532-616A-4555-933B-0D7A609CB435}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{CBFCEE09-B268-40D0-9B98-8253B9881C48}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{0F388B47-814E-4F3F-82B2-859760D32881}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [TCP Query User{02A73F59-0CE5-42DA-9244-C1621584DC74}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A181BEE0-910D-45F5-9E76-4C52078BBA42}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7ED23C7C-332C-46F3-B042-FC120E681AA2}] => (Allow) svchost.exe
FirewallRules: [{FD7E183A-BB57-40C8-BD78-3DB69DA0798A}] => (Allow) LPort=80
FirewallRules: [{CC526EDB-19C9-412B-9E36-7138A1F6EA0E}] => (Allow) LPort=80
FirewallRules: [{BEE08D17-F826-4F1A-B428-2F60F4A0F8D7}] => (Allow) LPort=80
FirewallRules: [{BACE67D1-27C4-4C2C-AD6B-0A434CB73BA8}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{7BA2D625-8B4B-4FD9-9A0D-3AD3A9524404}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{56336479-9737-4FFE-8855-918D7F9C9FBD}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DD607388-D62F-4111-AB7F-5F425F6834A5}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{A387A9DE-08E2-4D72-B51E-9300D996A556}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7E086363-D096-4BC5-8180-A3282A5428AE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D68679D9-B780-41DC-ADAF-6E612F319B8D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C9CF640F-13DD-41A7-9D8F-CE726782E236}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{B83F0FAC-1B5E-4F53-9F88-BA95E060C321}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E404DEC5-0DB3-4E68-8156-0EC707A5928D}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{14D17D38-9566-45AA-A679-265382624BBC}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{9E0B2BB4-38A8-4BC5-A1EE-8691BAB10217}] => (Allow) svchost.exe
FirewallRules: [{DE73DD72-30B0-4256-9A95-1D0A571254ED}] => (Allow) C:\Program Files\FrostWire\FrostWire.exe
FirewallRules: [{CB1F1EAA-FB90-4370-9B20-B67D151CB612}] => (Allow) C:\Program Files\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{26DEC40E-E861-40CB-A0FA-B97443253640}C:\program files\frostwire\frostwire.exe] => (Block) C:\program files\frostwire\frostwire.exe
FirewallRules: [UDP Query User{F85B39CE-932A-4367-83F0-E13A32D78027}C:\program files\frostwire\frostwire.exe] => (Block) C:\program files\frostwire\frostwire.exe
FirewallRules: [TCP Query User{006E1401-1F8F-4EF5-8EAD-6DB57ACDB3CA}C:\program files\rogers\rogers one number\rogersonenumber.exe] => (Allow) C:\program files\rogers\rogers one number\rogersonenumber.exe
FirewallRules: [UDP Query User{0AD2F68B-E1C6-45DE-890F-585FF498E92E}C:\program files\rogers\rogers one number\rogersonenumber.exe] => (Allow) C:\program files\rogers\rogers one number\rogersonenumber.exe
FirewallRules: [TCP Query User{4D72A92C-4A5E-463C-8B29-FB09E9D680CD}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{B12173E9-92A5-4E2A-B198-7E3C7831DE23}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{67EA706C-7BA4-4DCE-B03A-FFCE0B479A3D}C:\program files\frostwire 5\frostwire.exe] => (Block) C:\program files\frostwire 5\frostwire.exe
FirewallRules: [UDP Query User{5EED698D-66CD-4228-A3B5-E5D537431E5E}C:\program files\frostwire 5\frostwire.exe] => (Block) C:\program files\frostwire 5\frostwire.exe
FirewallRules: [{4C073957-B916-4F17-8810-BB6389DC9630}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{7917CF22-5E36-453A-B6FE-B0BC8F582881}] => (Allow) C:\Program Files\FrostWire 5\FrostWire.exe
FirewallRules: [{C892A4BF-25B9-46E0-9B42-9F1FF1043691}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{99835B51-E93A-4807-824F-A29DAB4DBF88}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{2EBF4329-8003-4652-9484-B3066F935589}] => (Allow) LPort=4481
FirewallRules: [{8913A08E-A97D-4EB6-B123-7DCB9F3A6B57}] => (Allow) LPort=4481
FirewallRules: [{E9D1A187-D8FB-47BC-8EEC-3BAE32D766E0}] => (Allow) LPort=4482
FirewallRules: [{E7C22CAB-245F-4648-9F49-B88C118A1808}] => (Allow) LPort=4482
FirewallRules: [{F0997C44-BA8C-4AD2-89EB-894382A3EE6D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{151A665F-9CCB-4E2D-8881-699B98A6E02F}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{10A30EBE-D4BB-41E1-A806-6029CDD96ECC}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{3FDC47B8-ED94-4701-B7A7-FCB0793A0E43}] => (Allow) C:\Users\Dale\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{50D1D51E-791B-4A31-B5A3-FF8BAC7650F6}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{19D9DB35-8934-4977-B586-44719616AF34}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C7BB032C-B472-4EDB-9F69-4FB761F5FA94}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{7DB59092-B79B-4746-BE7F-8669D8711736}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{36669886-1431-4090-9800-B56130714205}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1B40E914-45AB-49AF-A199-12F5B4A57C08}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{C4D0B3C2-63BD-4E34-872E-8B9C849387E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42912EDA-30C2-485E-BBA9-A850B39160A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45CB51E0-CE17-4C92-8042-91CD5C870A84}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{156D555D-1624-4CB1-A2A8-8D051C6D5C7C}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{2F895A2B-F01F-4817-B905-68D51CF9EF76}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6B63475E-135D-43CE-B1CB-7B7FB8E229B7}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{616B726B-BC02-413C-92CF-39FBF470CE8D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1C3A1DF6-B549-4552-ADC9-16ECCFAB4479}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB223C7-6C95-4756-A403-614196119A78}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2015 00:20:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 02:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 01:50:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 00:43:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2015 00:04:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 10:18:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, time stamp 0x5563c49a, faulting module mozalloc.dll, version 38.0.5.5623, time stamp 0x5563b229, exception code 0x80000003, fault offset 0x00001aa1,
process id 0xfdc, application start time 0xplugin-container.exe0.

Error: (06/24/2015 10:13:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 10:01:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 09:05:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 09:01:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/26/2015 00:21:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/26/2015 00:20:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/26/2015 00:19:55 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/26/2015 00:18:05 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/25/2015 02:36:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/25/2015 02:36:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/25/2015 02:35:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/25/2015 02:35:20 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/25/2015 02:33:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (06/25/2015 01:51:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-06-26 01:42:34.851
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:34.009
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:33.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:32.293
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:31.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:30.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:29.453
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:42:28.595
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:41:37.677
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-26 01:41:36.803
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 3000.12 MB
Available physical RAM: 1331.38 MB
Total Pagefile: 6242.5 MB
Available Pagefile: 4697.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.48 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:38.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:110.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: E199D812)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.6 GB) - (Type=07 NTFS)

==================== End of log ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[KKimble]

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Dale at 2015-06-26 23:19:34 Run:1
Running from C:\Users\Dale\Desktop
Loaded Profiles: Dale (Available Profiles: Dale)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-unins...VZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjc5Njk2MzYyLUZMKzktRERUKzE5NDA4LUZMMTArMS1MU0QrMi1GMTBNMTJEV (the data entry has 189 more characters).
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3144670501-793434127-3194825423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3144670501-793434127-3194825423-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-27 21:31 - 2012-09-27 21:31 - 0001147 _____ () C:\Users\Dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-27 21:33 - 2014-03-20 06:04 - 0000308 _____ () C:\Users\Dale\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-02-27 05:10 - 2014-03-20 06:04 - 0000231 _____ () C:\Users\Dale\AppData\Roaming\Rim.Transcoder.Exception.log
2011-02-08 02:36 - 2015-06-09 02:24 - 0000650 _____ () C:\Users\Dale\AppData\Roaming\wklnhst.dat
2009-07-05 00:42 - 2012-10-19 02:23 - 0001356 _____ () C:\Users\Dale\AppData\Local\d3d9caps.dat
2014-03-20 05:20 - 2014-10-14 02:22 - 0039424 _____ () C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-01-25 16:37 - 2009-01-25 16:38 - 0091992 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20090125.log
2011-07-21 01:18 - 2011-07-21 01:19 - 0147408 _____ () C:\Users\Dale\AppData\Local\edsinstaller.txt-20110721.log
2010-08-12 07:21 - 2011-07-21 02:45 - 0000000 _____ () C:\Users\Dale\AppData\Local\prvlcl.dat
2012-04-24 19:42 - 2012-04-24 19:44 - 0003320 _____ () C:\Users\Dale\AppData\Local\rogerscookie
2009-09-23 00:22 - 2009-09-23 00:22 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-01-08 16:34 - 2010-01-08 16:34 - 0007256 _____ () C:\ProgramData\N360BUOptions.ini
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No Filepath
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla" => key removed successfully.
catchme => Service removed successfully.
IpInIp => Service removed successfully.
NwlnkFlt => Service removed successfully.
NwlnkFwd => Service removed successfully.
usbbus => Service removed successfully.
UsbDiag => Service removed successfully.
USBModem => Service removed successfully.
C:\Users\Dale\AppData\Roaming\Rim.Desktop.Exception.log => moved successfully.
C:\Users\Dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => moved successfully.
C:\Users\Dale\AppData\Roaming\Rim.DesktopHelper.Exception.log => moved successfully.
C:\Users\Dale\AppData\Roaming\Rim.Transcoder.Exception.log => moved successfully.
C:\Users\Dale\AppData\Roaming\wklnhst.dat => moved successfully.
C:\Users\Dale\AppData\Local\d3d9caps.dat => moved successfully.
C:\Users\Dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Dale\AppData\Local\edsinstaller.txt-20090125.log => moved successfully.
C:\Users\Dale\AppData\Local\edsinstaller.txt-20110721.log => moved successfully.
C:\Users\Dale\AppData\Local\prvlcl.dat => moved successfully.
C:\Users\Dale\AppData\Local\rogerscookie => moved successfully.
C:\ProgramData\ezsidmv.dat => moved successfully.
C:\ProgramData\N360BUOptions.ini => moved successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}" => key removed successfully.
"HKU\S-1-5-21-3144670501-793434127-3194825423-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully..

==== End of Fixlog 23:19:35 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[KKimble]

Results of screen317's Security Check version 1.004
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 17.0.0.190 Flash Player out of Date!
Adobe Reader 10.1.13 Adobe Reader out of Date!
Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Microsoft Security Client Antimalware MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

[KKimble]

Farbar Service Scanner Version: 17-01-2015
Ran by Dale (administrator) on 27-06-2015 at 12:12:39
Running from "C:\Users\Dale\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

[KKimble]

Not sure if you needed the temp file cleaner log

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Dale
->Temp folder emptied: 128178 bytes
->Temporary Internet Files folder emptied: 66420 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 367728730 bytes
->Flash cache emptied: 1810 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49248 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1022721 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 0 bytes
Process complete!
Total Files Cleaned = 352.00 mb

 

[KKimble]

Sophos didn't find anything, no log produced.

 

[Broni]

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[KKimble]

Thank you so much for all your help! Was my computer pretty badly infected? I'm pretty ignorant when it comes to the logs lol