Solved Some suspicious files

[SCMc]

After an Avast update, my computer kept locking up while browsing, unless I disabled Avast. Since then, my computer seems slower, and I found a suspicious file:
C:\32788R22FWJFW\EN-US\cmd.3XE.mui

Frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Andree Rezai (administrator) on ANDREEREZAI-PC (04-12-2015 13:37:06)
Running from C:\Users\Andree Rezai\Desktop
Loaded Profiles: Andree Rezai (Available Profiles: Andree Rezai)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D17C858C-B8C6-4EFE-8C0F-EBC2C2848AE3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> DefaultScope {7B9F4103-F692-470F-AF26-D23F5E4E2F3D} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
SearchScopes: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> {7B9F4103-F692-470F-AF26-D23F5E4E2F3D} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-04] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Andree Rezai\AppData\Roaming\Mozilla\Firefox\Profiles\n57uf3ip.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2436680478-200282203-879032571-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-2436680478-200282203-879032571-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-09-01] (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andree Rezai\AppData\Roaming\Mozilla\Firefox\Profiles\n57uf3ip.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-03-17] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-01] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://canogaparkhs.org/","hxxp://misis.lausd.net/start","hxxp://home.lausd.net/","hxxp://mail.lausd.net/"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 FoxitCloudUpdateService; "C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-12-04] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435976 2015-12-04] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [165104 2015-12-04] (AVAST Software)
R3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [58016 2015-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-04] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-12-02] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2015-12-02] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 13:37 - 2015-12-04 13:37 - 00015318 _____ C:\Users\Andree Rezai\Desktop\FRST.txt
2015-12-04 13:35 - 2015-12-04 13:37 - 00000000 ____D C:\FRST
2015-12-04 13:32 - 2015-12-04 13:33 - 01721344 _____ (Farbar) C:\Users\Andree Rezai\Desktop\FRST.exe
2015-12-04 13:14 - 2015-12-04 13:09 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEBAB.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00435976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF35D.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-04 13:14 - 2015-12-04 13:09 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF477.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00165104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF572.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF08E.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00058016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF6BB.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswED80.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF198.tmp
2015-12-04 13:14 - 2015-12-04 13:09 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEED8.tmp
2015-12-04 13:10 - 2015-12-04 13:10 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\AVAST Software
2015-12-04 13:10 - 2015-12-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-04 13:09 - 2015-12-04 13:09 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00435976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00165104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00058016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-04 13:09 - 2015-12-04 13:09 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-04 13:05 - 2015-12-04 13:05 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-04 12:51 - 2015-12-04 12:51 - 05084256 _____ (AVAST Software) C:\Users\Andree Rezai\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-12-03 15:20 - 2015-12-03 15:20 - 00000259 _____ C:\Users\Andree Rezai\Desktop\Virus and Malware Removal - TechSpot Forums.URL
2015-12-02 12:55 - 2015-12-02 12:55 - 00002101 _____ C:\Users\Andree Rezai\Desktop\JRT.txt
2015-12-02 12:28 - 2015-12-02 12:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-02 12:27 - 2015-12-02 12:27 - 00000000 ____D C:\Windows\system32\DAX2
2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 ____D C:\Windows\system32\RTCOM
2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 ____D C:\Program Files\Realtek
2015-12-02 12:22 - 2015-12-02 12:22 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2015-12-02 12:22 - 2015-12-02 12:22 - 13789440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 11899824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 11785136 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO40.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 07044952 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-12-02 12:22 - 2015-12-02 12:22 - 05073344 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 04713224 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 03522264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-12-02 12:22 - 2015-12-02 12:22 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-02 12:22 - 2015-12-02 12:22 - 02820120 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02637528 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-12-02 12:22 - 2015-12-02 12:22 - 02630872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02585816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02394328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02370480 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO70.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01861976 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01823320 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01782616 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01708248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01490960 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01490264 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01160112 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01055888 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01022120 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01010096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00973232 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00948336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00945456 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00919600 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00865960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00850264 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00844192 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00818096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00704656 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00611496 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00555664 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00426944 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00403392 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00388752 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00372368 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00346048 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00296560 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00294744 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00274264 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00223912 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00221528 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00220088 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00188696 _____ C:\Windows\system32\AcpiServiceVnA.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00087864 _____ C:\Windows\system32\audioLibVc.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-12-02 11:56 - 2015-12-02 11:56 - 06639616 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwLv32.sys
2015-12-02 11:56 - 2015-12-02 11:56 - 02756608 _____ (Intel Corporation) C:\Windows\system32\NETwLr32.dll
2015-12-02 11:56 - 2015-12-02 11:56 - 00675840 _____ (Intel Corporation) C:\Windows\system32\NETwLc32.dll
2015-12-02 11:51 - 2015-12-02 11:51 - 00311296 _____ (Marvell) C:\Windows\system32\Drivers\yk60x86.sys
2015-12-02 11:51 - 2015-12-02 11:51 - 00282624 _____ (Marvell) C:\Windows\system32\ykx32mpcoinst.dll
2015-12-02 11:46 - 2015-12-02 11:46 - 00000000 ____D C:\Users\Public\Foxit Software
2015-12-02 11:45 - 2015-12-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-12-02 11:43 - 2015-12-02 12:53 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\IObit
2015-12-02 11:43 - 2015-12-02 12:53 - 00000000 ____D C:\ProgramData\IObit
2015-12-02 11:43 - 2015-12-02 11:45 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\IObit
2015-12-02 11:43 - 2015-12-02 11:43 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-12-02 11:43 - 2015-12-02 11:43 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-12-02 11:42 - 2015-12-02 11:46 - 00000000 ____D C:\PatchMyPCUpdates
2015-12-02 11:42 - 2015-12-02 11:42 - 00000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\CrystalIdea Software
2015-11-24 23:55 - 2015-11-24 23:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-18 03:17 - 2015-11-18 03:17 - 00014365 _____ C:\Users\Andree Rezai\Downloads\POLY_DIV_Qz.pdf
2015-11-18 03:15 - 2015-11-18 03:15 - 00015516 _____ C:\Users\Andree Rezai\Downloads\INV_FUN2.pdf
2015-11-15 23:09 - 2015-11-15 23:09 - 00073468 _____ C:\Users\Andree Rezai\Downloads\doc08.pdf
2015-11-11 01:19 - 2015-10-17 06:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 01:09 - 2015-10-17 08:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 01:09 - 2015-10-13 06:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 01:09 - 2015-10-13 06:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 01:08 - 2015-10-14 12:22 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 01:08 - 2015-10-14 08:01 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-11 01:08 - 2015-10-14 08:01 - 03554752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 01:04 - 2015-10-10 08:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 01:00 - 2015-09-26 08:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 01:00 - 2015-09-26 08:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 01:00 - 2015-09-26 05:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 01:00 - 2015-09-22 05:11 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 23:40 - 2015-10-31 10:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 23:40 - 2015-10-31 10:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 23:40 - 2015-10-31 10:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 23:40 - 2015-10-31 10:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 23:40 - 2015-10-31 10:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 23:40 - 2015-10-31 10:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 23:40 - 2015-10-31 10:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-10 23:40 - 2015-10-31 10:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-08 11:37 - 2015-11-08 11:37 - 00000330 _____ C:\Users\Andree Rezai\Desktop\Agoura Hills, CA - Google Maps.URL
2015-11-07 23:26 - 2015-11-07 23:26 - 00000263 _____ C:\Users\Andree Rezai\Desktop\Search Results.URL
2015-11-07 12:13 - 2015-11-07 12:13 - 00055897 _____ C:\Users\Andree Rezai\Downloads\availability-list-spring-2014.pdf
2015-11-06 22:30 - 2015-11-06 22:30 - 00663025 _____ C:\Users\Andree Rezai\Downloads\burbot.pdf
2015-11-06 16:46 - 2015-11-06 16:46 - 00091311 _____ C:\Users\Andree Rezai\Downloads\abalone.pdf
2015-11-06 10:17 - 2015-11-07 17:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-04 20:57 - 2015-11-04 20:57 - 01259940 _____ C:\Users\Andree Rezai\Downloads\060_Iglesiasetal2005.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 13:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows
2015-12-04 12:52 - 2012-03-29 10:48 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-04 12:48 - 2009-11-29 10:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-04 12:45 - 2012-06-14 08:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-04 12:40 - 2012-11-19 12:51 - 00002096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-04 12:40 - 2012-11-19 12:51 - 00002096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-04 12:40 - 2009-11-29 10:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-04 12:40 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 03:20 - 2006-11-02 05:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-02 17:06 - 2009-11-29 14:03 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\Macromedia
2015-12-02 12:51 - 2015-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-02 12:51 - 2009-11-29 15:34 - 00000000 ____D C:\Program Files\Java
2015-12-02 12:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\spool
2015-12-02 12:35 - 2009-11-29 10:07 - 00000000 ____D C:\Program Files\Google
2015-12-02 12:26 - 2009-11-29 08:54 - 00000000 ____D C:\Users\Andree Rezai
2015-12-02 12:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\inf
2015-12-02 12:00 - 2012-11-20 19:21 - 00006526 _____ C:\Windows\system32\PerfStringBackup.TMP
2015-12-02 11:37 - 2009-11-29 07:30 - 00000000 ____D C:\Windows.old
2015-12-02 11:37 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-02 11:28 - 2009-11-29 15:27 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-02 11:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security
2015-12-02 11:16 - 2009-12-04 19:51 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\Macromedia
2015-12-02 11:16 - 2009-12-04 19:51 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\Adobe
2015-12-02 11:15 - 2009-12-04 19:51 - 00000000 ____D C:\ProgramData\Google
2015-12-02 11:15 - 2009-11-29 10:07 - 00000000 ____D C:\Users\Andree Rezai\AppData\Local\Google
2015-12-02 11:14 - 2013-03-26 09:54 - 00000000 ____D C:\Program Files\7-Zip
2015-11-30 11:59 - 2015-03-29 08:08 - 00000000 ____D C:\Windows\system32\vbox
2015-11-25 12:42 - 2014-06-16 08:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 12:36 - 2009-12-05 07:12 - 00000059 _____ C:\Windows\wpd99.drv
2015-11-25 12:36 - 2009-12-05 07:12 - 00000000 ____D C:\ProgramData\pdf995
2015-11-25 01:06 - 2009-11-29 08:32 - 00000000 ____D C:\Windows\Panther
2015-11-24 23:55 - 2015-09-01 14:54 - 00000000 ____D C:\Users\Andree Rezai\.oracle_jre_usage
2015-11-24 23:53 - 2015-01-27 14:09 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-11 17:11 - 2014-12-16 16:37 - 00000000 ____D C:\Users\Andree Rezai\Desktop\Grade Pro
2015-11-11 10:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2015-11-11 10:40 - 2006-11-02 04:47 - 00303576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 10:35 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 10:35 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 01:19 - 2013-08-14 02:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 01:11 - 2006-11-02 02:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 01:10 - 2009-11-29 15:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 17:45 - 2012-03-27 21:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-10 17:45 - 2012-03-17 13:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-07 17:28 - 2012-04-25 06:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2010-01-22 15:34 - 2015-10-16 23:34 - 0001596 _____ () C:\Users\Andree Rezai\AppData\Roaming\Sketchpad 5 Preferences.dat
2014-10-31 13:56 - 2014-10-31 13:56 - 0000680 _____ () C:\Users\Andree Rezai\AppData\Local\d3d9caps.dat
2009-11-29 09:27 - 2015-07-28 17:55 - 0102912 _____ () C:\Users\Andree Rezai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 12:28 - 2015-12-02 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Andree Rezai\instmsia.exe
C:\Users\Andree Rezai\instmsiw.exe
C:\Users\Andree Rezai\setup.exe


Some files in TEMP:
====================
C:\Users\Andree Rezai\AppData\Local\Temp\FoxitUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-04 12:47

==================== End of FRST.txt ============================

 

[SCMc]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by Andree Rezai (2015-12-04 13:38:06)
Running from C:\Users\Andree Rezai\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-11-29 16:45:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2436680478-200282203-879032571-500 - Administrator - Disabled)
Andree Rezai (S-1-5-21-2436680478-200282203-879032571-1000 - Administrator - Enabled) => C:\Users\Andree Rezai
Guest (S-1-5-21-2436680478-200282203-879032571-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP480 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series) (Version: - )
Canon MP480 series User Registration (HKLM\...\Canon MP480 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Easy Grade Pro (HKLM\...\Easy Grade Pro) (Version: - )
Facebook Plug-In (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.168.0 - International GeoGebra Institute)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\GoToMeeting) (Version: - )
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MathType 6 (HKLM\...\DSMT6) (Version: 6.6 - Design Science, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 Trial (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NLVM v3.0 (HKLM\...\NLVM v3.0) (Version: 3.0.0.0 - MATTI LLC.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Paint Shop Pro 4.15 SE (HKLM\...\Paint Shop Pro 4.15) (Version: - )
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Pdf995 (HKLM\...\Pdf995) (Version: - )
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Sketchpad (HKLM\...\Sketchpad) (Version: - )
Student MATLAB 4-19-2013 (HKLM\...\MatlabDeinstKey) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

==================== Restore Points =========================

02-12-2015 11:47:57 Driver Booster : HoverCam Neo 3B
02-12-2015 11:51:29 Device Driver Package Install: Marvell Network adapters
02-12-2015 11:55:34 Device Driver Package Install: Vimicro Imaging devices
02-12-2015 11:56:51 Device Driver Package Install: Intel Network adapters
02-12-2015 12:07:18 Device Driver Package Install: Intel System devices
02-12-2015 12:08:29 Device Driver Package Install: Intel System devices
02-12-2015 12:10:30 Device Driver Package Install: Intel IDE ATA/ATAPI controllers
02-12-2015 12:12:46 Device Driver Package Install: Intel Universal Serial Bus controllers
02-12-2015 12:17:18 Device Driver Package Install: Microsoft Human Interface Devices
02-12-2015 12:18:11 Device Driver Package Install: Microsoft Mice and other pointing devices
02-12-2015 12:19:29 Device Driver Package Install: Microsoft Keyboards
02-12-2015 12:20:18 Device Driver Package Install: Microsoft Universal Serial Bus controllers
02-12-2015 12:21:24 Device Driver Package Install: Genesys Logic Universal Serial Bus controllers
02-12-2015 12:25:22 Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
02-12-2015 12:39:47 Removed HiJackThis
02-12-2015 12:44:18 Removed Java 8 Update 51
02-12-2015 12:52:00 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2014-10-31 13:36 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B6F3B28-F8FC-4FBC-898F-CB97C7F25914} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26EE73BA-3054-4D8E-9548-3040B74FCA61} - System32\Tasks\Microsoft\Windows\RestartManager\{5C01BB31-1F0D-4e06-BDF2-122C7A7439F7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {649BB769-B2A4-4FAF-80BD-DADD0ACE157A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93183F03-6D74-4780-AF59-7272A6481BAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {A6B23025-A920-4061-901D-2D71E2ABD749} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software)
Task: {B5A707C8-07BD-4309-9B71-B72246F9ACFF} - System32\Tasks\Microsoft\Windows\RestartManager\{8372C7B6-62BB-44f8-B0E7-CD1F5637A54E} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {BD381E08-5227-421F-A4A0-2E6F399C4323} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C1F3D29F-9274-4CA1-8CA1-BE98A5404520} - System32\Tasks\{82CD67D8-9A1A-434B-9F1E-5DD42EE21A80} => pcalua.exe -a "C:\Program Files\MATTI\NLVM_en\UninstallerData\Uninstall NLVM.exe"
Task: {C6B5BF36-F828-4894-9E27-6EEAD45917F4} - \Driver Booster SkipUAC (Andree Rezai) -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-12-05 07:12 - 2009-12-05 07:12 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2006-11-02 02:25 - 2006-12-13 17:19 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 02990080 _____ () C:\Program Files\AVAST Software\Avast\defs\15110499\algo.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-04 13:14 - 2015-12-04 13:14 - 02802176 _____ () C:\Program Files\AVAST Software\Avast\defs\15120403\algo.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2436680478-200282203-879032571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andree Rezai\Pictures\Steves Pictures\Santa Monicas\Topanga State Park 121007\1280x800\EagleRock 121007.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9E019079-13E3-4F8B-BB92-2831E9097017}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44059B99-47D3-4B84-83C8-506D453E1F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{55429062-980E-4129-931C-019D7CECA6CE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4A89B56E-6A0D-4FBD-802B-02A903A6125B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3215B199-D13B-4899-8766-63F463B768C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D42F0D79-1B1E-4DD5-BAC9-C476FBE3E464}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{40B5E894-341D-436E-B30B-A2D775A7CBE4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C6AA5825-3A53-4A17-BD6C-922DF4F46A13}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{438CAECC-79E5-4BBC-AD4E-C41667A4FCAC}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{6D09F12C-1B36-4B0A-83A8-9250C82141AE}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E4660963-A5BE-467F-A518-DF03C100781A}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8AE795FF-9AC6-440D-AE6F-8F5B557059E2}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C6304A03-6C5B-4905-9425-1C45BB820C40}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2DD7EC18-646C-4F08-8CFE-F1B8E3518DD3}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{5F852B17-88AE-4699-A855-2A229DF324DB}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2015 00:42:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2015 01:32:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 08:48:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 05:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 03:24:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 00:59:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 00:52:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (12/02/2015 00:35:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2015 00:28:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PatchMyPC.exe, version 0.0.0.0, time stamp 0x563b7718, faulting module mscorwks.dll, version 2.0.50727.4253, time stamp 0x53a12417, exception code 0xc0000006, fault offset 0x0001d291,
process id 0x%9, application start time 0xPatchMyPC.exe0.

Error: (12/02/2015 11:47:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {27a50e08-3a55-496a-b066-50bf1c1205e1}


System errors:
=============
Error: (12/04/2015 00:42:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/04/2015 00:42:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/03/2015 01:32:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/03/2015 01:32:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/02/2015 08:48:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/02/2015 08:48:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/02/2015 05:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/02/2015 05:05:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/02/2015 05:03:35 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (12/02/2015 03:24:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2


CodeIntegrity:
===================================
Date: 2015-12-04 13:37:25.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 13:37:24.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 13:37:24.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 13:37:23.622
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 45%
Total physical RAM: 2037.45 MB
Available physical RAM: 1100.37 MB
Total Virtual: 4314.14 MB
Available Virtual: 3407.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.8 GB) (Free:52.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7442EB0C)
Partition 1: (Not Active) - (Size=6.3 GB) - (Type=27)
Partition 2: (Active) - (Size=142.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

We can run some checks but I don't see anything suspicious in FRST logs.
Could be just some bad Avast update.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[SCMc]

I let Roguekiller delete Microsoft.Net Framework Assistant and Avast Online security. When I opened Firefox, I had requests for both add-ons.

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Andree Rezai [Administrator]
Started from : C:\Users\Andree Rezai\Desktop\RogueKiller.exe
Mode : Delete -- Date : 12/05/2015 00:37:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostDeleted
[C:\Windows\System32\drivers\etc\hosts] ::1 localhostDeleted

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[FIREFX:Addon] n57uf3ip.default : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Deleted
[FIREFX:Addon] n57uf3ip.default : Avast Online Security [wrc@avast.com] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1637GSX ATA Device +++++
--- User ---
[MBR] 7bb04e31844d78f773d7535fb2af26d0
[BSP] 344efc6fd9128ea2662ce62dd22a1826 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6401 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 13111296 | Size: 146224 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

[SCMc]

No problems or significant changes noted.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/5/2015
Scan Time: 12:54:53 AM
Logfile: Malwarebytes 150512.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.05.02
Rootkit Database: v2015.11.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Andree Rezai

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297856
Time Elapsed: 26 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[SCMc]

Again, No Prob
# AdwCleaner v5.023 - Logfile created 05/12/2015 at 01:50:22
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Andree Rezai - ANDREEREZAI-PC
# Running from : C:\Users\Andree Rezai\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Web browsers ] *****

[-] [C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1249 bytes] ##########

lems.

 

[SCMc]

Still no problems.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Andree Rezai (Administrator) on Sat 12/05/2015 at 2:02:52.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Windows\prefetch\DRIVERBOOSTER.EXE-85146E71.pf (File)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/05/2015 at 2:07:05.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[SCMc]

Broni,
Thanks for your help so far. The computer rebooted normally after Combofix.

ComboFix 15-12-07.01 - Andree Rezai 12/06/2015 17:18:13.2.2 - x86
Running from: c:\users\Andree Rezai\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-11-07 to 2015-12-07 )))))))))))))))))))))))))))))))
.
.
2015-12-07 01:28 . 2015-12-07 01:28 -------- d-----w- c:\users\Andree Rezai\AppData\Local\temp
2015-12-07 01:28 . 2015-12-07 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-05 09:46 . 2015-12-05 09:50 -------- d-----w- C:\AdwCleaner
2015-12-05 08:08 . 2015-12-05 08:08 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-12-05 08:08 . 2015-12-05 08:52 -------- d-----w- c:\programdata\RogueKiller
2015-12-04 21:35 . 2015-12-04 21:40 -------- d-----w- C:\FRST
2015-12-04 21:14 . 2015-12-04 21:09 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-04 21:10 . 2015-12-04 21:10 -------- d-----w- c:\users\Andree Rezai\AppData\Roaming\AVAST Software
2015-12-04 21:09 . 2015-12-04 21:09 58016 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-04 21:09 . 2015-12-04 21:09 435976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-12-04 21:09 . 2015-12-04 21:09 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-04 21:09 . 2015-12-04 21:09 165104 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-04 21:09 . 2015-12-04 21:09 81168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-12-04 21:09 . 2015-12-04 21:09 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-04 21:09 . 2015-12-04 21:09 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-04 21:09 . 2015-12-04 21:09 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-04 21:09 . 2015-12-04 21:09 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-12-04 21:09 . 2015-12-04 21:09 43112 ----a-w- c:\windows\avastSS.scr
2015-12-04 21:05 . 2015-12-04 21:05 -------- d-----w- c:\program files\AVAST Software
2015-12-02 20:27 . 2015-12-02 20:27 -------- d-----w- c:\windows\system32\DAX2
2015-12-02 20:26 . 2015-12-02 20:26 -------- d-----w- c:\windows\system32\RTCOM
2015-12-02 20:26 . 2015-12-02 20:26 -------- d-----w- c:\program files\Realtek
2015-12-02 19:56 . 2015-12-02 19:56 6639616 ----a-w- c:\windows\system32\drivers\NETwLv32.sys
2015-12-02 19:56 . 2015-12-02 19:56 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2015-12-02 19:56 . 2015-12-02 19:56 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2015-12-02 19:51 . 2015-12-02 19:51 311296 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2015-12-02 19:51 . 2015-12-02 19:51 282624 ----a-w- c:\windows\system32\ykx32mpcoinst.dll
2015-12-02 19:46 . 2015-12-02 19:46 -------- d-----w- c:\users\Public\Foxit Software
2015-12-02 19:43 . 2015-12-02 20:53 -------- d-----w- c:\programdata\IObit
2015-12-02 19:43 . 2015-12-02 19:43 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2015-12-02 19:43 . 2015-12-02 20:53 -------- d-----w- c:\users\Andree Rezai\AppData\Roaming\IObit
2015-12-02 19:42 . 2015-12-02 19:46 -------- d-----w- C:\PatchMyPCUpdates
2015-12-02 19:11 . 2015-12-02 19:11 -------- d-----w- c:\users\Andree Rezai\AppData\Roaming\CrystalIdea Software
2015-11-25 07:55 . 2015-11-25 07:55 -------- d-----w- c:\program files\Common Files\Java
2015-11-11 09:19 . 2015-10-17 14:24 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 09:09 . 2015-10-13 14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-11 09:09 . 2015-10-13 14:31 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-11 09:09 . 2015-10-17 16:01 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-11-11 09:08 . 2015-10-14 20:22 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-11-11 09:08 . 2015-10-14 16:01 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-11-11 09:08 . 2015-10-14 16:01 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-11 09:07 . 2015-10-01 16:03 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-11-11 09:07 . 2015-10-01 16:04 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-11-11 09:07 . 2015-10-01 16:03 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-11-11 09:07 . 2015-10-01 16:03 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-11-11 09:04 . 2015-10-10 16:02 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 09:00 . 2015-09-26 16:04 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-11 09:00 . 2015-09-26 16:05 281600 ----a-w- c:\windows\system32\schannel.dll
2015-11-11 09:00 . 2015-09-26 13:21 274432 ----a-w- c:\windows\system32\bcrypt.dll
2015-11-11 09:00 . 2015-09-22 13:11 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-05 09:33 . 2014-06-16 16:26 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-02 20:00 . 2012-11-21 03:21 6526 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2015-11-25 07:53 . 2015-01-27 22:09 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-11-11 01:45 . 2012-03-28 05:20 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-11-11 01:45 . 2012-03-17 21:13 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-13 09:29 . 2015-10-13 09:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-05 16:50 . 2014-06-16 16:25 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 16:50 . 2014-06-16 16:25 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 16:50 . 2012-11-19 21:45 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-04 21:09 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-04 7021880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-03 06:31 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-04-17 22:42 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-08-06 18:43 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-10-07 05:18 596528 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-05 02:53 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 01:45]
.
2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 03:27]
.
2015-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 03:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andree Rezai\AppData\Roaming\Mozilla\Firefox\Profiles\n57uf3ip.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2009-12-01 05:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AvastUI - c:\program files\Alwil Software\Avast5\AvastUI.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-06 17:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2436680478-200282203-879032571-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:0f,7e,c3,1a,9d,ae,01,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-12-06 17:30:45
ComboFix-quarantined-files.txt 2015-12-07 01:30
.
Pre-Run: 55,871,762,432 bytes free
Post-Run: 55,861,637,120 bytes free
.
- - End Of File - - C6CD5485A011EDB2CCF9540DDBDABB83
5C616939100B85E558DA92B899A0FC36

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[SCMc]

Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
Ran by Andree Rezai (administrator) on ANDREEREZAI-PC (06-12-2015 22:28:49)
Running from C:\Users\Andree Rezai\Desktop
Loaded Profiles: Andree Rezai (Available Profiles: Andree Rezai)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D17C858C-B8C6-4EFE-8C0F-EBC2C2848AE3}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2436680478-200282203-879032571-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> DefaultScope {7B9F4103-F692-470F-AF26-D23F5E4E2F3D} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
SearchScopes: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> {7B9F4103-F692-470F-AF26-D23F5E4E2F3D} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADSA_en
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-04] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Andree Rezai\AppData\Roaming\Mozilla\Firefox\Profiles\n57uf3ip.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2436680478-200282203-879032571-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Plugin HKU\S-1-5-21-2436680478-200282203-879032571-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-09-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-09-01] (Apple Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-01] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://canogaparkhs.org/","hxxp://misis.lausd.net/start","hxxp://home.lausd.net/","hxxp://mail.lausd.net/"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andree Rezai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-04] (AVAST Software)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 FoxitCloudUpdateService; "C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435976 2015-12-04] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [165104 2015-12-04] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [58016 2015-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-04] (AVAST Software)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-12-02] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2015-12-02] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\ANDREE~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 22:28 - 2015-12-06 22:30 - 00015488 _____ C:\Users\Andree Rezai\Desktop\FRST.txt
2015-12-06 22:28 - 2015-12-06 22:28 - 00000000 ____D C:\Users\Andree Rezai\Desktop\FRST-OlderVersion
2015-12-06 17:15 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-06 17:15 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-06 17:15 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-06 17:15 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-06 17:15 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-06 17:15 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-06 17:15 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-06 17:15 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-05 17:22 - 2015-12-05 17:22 - 01160400 _____ C:\Users\Andree Rezai\Downloads\IAHF_Newsletter-Fall_2015-web.pdf
2015-12-05 01:46 - 2015-12-05 01:50 - 00000000 ____D C:\AdwCleaner
2015-12-05 01:32 - 2015-12-06 22:28 - 00000000 ____D C:\Users\Andree Rezai\Desktop\Maintainence
2015-12-05 00:08 - 2015-12-05 00:52 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-05 00:08 - 2015-12-05 00:08 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-04 13:35 - 2015-12-06 22:28 - 00000000 ____D C:\FRST
2015-12-04 13:32 - 2015-12-06 22:28 - 01719808 _____ (Farbar) C:\Users\Andree Rezai\Desktop\FRST.exe
2015-12-04 13:14 - 2015-12-04 13:09 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-04 13:10 - 2015-12-04 13:10 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\AVAST Software
2015-12-04 13:10 - 2015-12-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-04 13:09 - 2015-12-04 13:09 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00435976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00209432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00165104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00058016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-04 13:09 - 2015-12-04 13:09 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-04 13:09 - 2015-12-04 13:09 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-04 13:05 - 2015-12-04 13:05 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-04 12:51 - 2015-12-04 12:51 - 05084256 _____ (AVAST Software) C:\Users\Andree Rezai\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2015-12-03 15:20 - 2015-12-03 15:20 - 00000259 _____ C:\Users\Andree Rezai\Desktop\Virus and Malware Removal - TechSpot Forums.URL
2015-12-02 12:28 - 2015-12-02 12:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-02 12:27 - 2015-12-02 12:27 - 00000000 ____D C:\Windows\system32\DAX2
2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 ____D C:\Windows\system32\RTCOM
2015-12-02 12:26 - 2015-12-02 12:26 - 00000000 ____D C:\Program Files\Realtek
2015-12-02 12:22 - 2015-12-02 12:22 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2015-12-02 12:22 - 2015-12-02 12:22 - 13789440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 11899824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 11785136 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO40.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 07044952 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-12-02 12:22 - 2015-12-02 12:22 - 05073344 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 04713224 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 03522264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2015-12-02 12:22 - 2015-12-02 12:22 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-02 12:22 - 2015-12-02 12:22 - 02820120 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02637528 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2015-12-02 12:22 - 2015-12-02 12:22 - 02630872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02585816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02394328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 02370480 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO70.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01940056 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01861976 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01823320 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01782616 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01708248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01490960 _____ (Conexant Systems Inc.) C:\Windows\system32\CX32APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01490264 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01160112 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01055888 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01022120 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 01010096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00973232 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00948336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00945456 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00919600 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00865960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00850264 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00844192 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00818096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00704656 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00611496 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00555664 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00519368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00426944 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00403392 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00388752 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00372368 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00346048 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00296560 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00294744 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00274264 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00223912 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00221528 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00220088 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo32.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00188696 _____ C:\Windows\system32\AcpiServiceVnA.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00087864 _____ C:\Windows\system32\audioLibVc.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2015-12-02 12:22 - 2015-12-02 12:22 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2015-12-02 11:56 - 2015-12-02 11:56 - 06639616 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwLv32.sys
2015-12-02 11:56 - 2015-12-02 11:56 - 02756608 _____ (Intel Corporation) C:\Windows\system32\NETwLr32.dll
2015-12-02 11:56 - 2015-12-02 11:56 - 00675840 _____ (Intel Corporation) C:\Windows\system32\NETwLc32.dll
2015-12-02 11:51 - 2015-12-02 11:51 - 00311296 _____ (Marvell) C:\Windows\system32\Drivers\yk60x86.sys
2015-12-02 11:51 - 2015-12-02 11:51 - 00282624 _____ (Marvell) C:\Windows\system32\ykx32mpcoinst.dll
2015-12-02 11:46 - 2015-12-02 11:46 - 00000000 ____D C:\Users\Public\Foxit Software
2015-12-02 11:45 - 2015-12-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-12-02 11:43 - 2015-12-02 12:53 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\IObit
2015-12-02 11:43 - 2015-12-02 12:53 - 00000000 ____D C:\ProgramData\IObit
2015-12-02 11:43 - 2015-12-02 11:45 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\IObit
2015-12-02 11:43 - 2015-12-02 11:43 - 00023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
2015-12-02 11:43 - 2015-12-02 11:43 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-12-02 11:42 - 2015-12-02 11:46 - 00000000 ____D C:\PatchMyPCUpdates
2015-12-02 11:11 - 2015-12-02 11:11 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\CrystalIdea Software
2015-11-24 23:55 - 2015-11-24 23:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-18 03:17 - 2015-11-18 03:17 - 00014365 _____ C:\Users\Andree Rezai\Downloads\POLY_DIV_Qz.pdf
2015-11-18 03:15 - 2015-11-18 03:15 - 00015516 _____ C:\Users\Andree Rezai\Downloads\INV_FUN2.pdf
2015-11-15 23:09 - 2015-11-15 23:09 - 00073468 _____ C:\Users\Andree Rezai\Downloads\doc08.pdf
2015-11-11 01:19 - 2015-10-17 06:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 01:09 - 2015-10-17 08:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 01:09 - 2015-10-13 06:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 01:09 - 2015-10-13 06:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 01:08 - 2015-10-14 12:22 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 01:08 - 2015-10-14 08:01 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-11 01:08 - 2015-10-14 08:01 - 03554752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 01:04 - 2015-10-10 08:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 01:00 - 2015-09-26 08:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 01:00 - 2015-09-26 08:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 01:00 - 2015-09-26 05:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-11-11 01:00 - 2015-09-22 05:11 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 23:40 - 2015-10-31 10:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 23:40 - 2015-10-31 10:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 23:40 - 2015-10-31 10:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 23:40 - 2015-10-31 10:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 23:40 - 2015-10-31 10:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 23:40 - 2015-10-31 10:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 23:40 - 2015-10-31 10:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-11-10 23:40 - 2015-10-31 10:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-11-10 23:40 - 2015-10-31 10:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-11-08 11:37 - 2015-11-08 11:37 - 00000330 _____ C:\Users\Andree Rezai\Desktop\Agoura Hills, CA - Google Maps.URL
2015-11-07 23:26 - 2015-11-07 23:26 - 00000263 _____ C:\Users\Andree Rezai\Desktop\Search Results.URL
2015-11-07 12:13 - 2015-11-07 12:13 - 00055897 _____ C:\Users\Andree Rezai\Downloads\availability-list-spring-2014.pdf
2015-11-06 22:30 - 2015-11-06 22:30 - 00663025 _____ C:\Users\Andree Rezai\Downloads\burbot.pdf
2015-11-06 16:46 - 2015-11-06 16:46 - 00091311 _____ C:\Users\Andree Rezai\Downloads\abalone.pdf
2015-11-06 10:17 - 2015-11-07 17:28 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 21:46 - 2009-11-29 10:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 21:45 - 2012-06-14 08:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-06 21:36 - 2012-11-19 12:51 - 00002096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-06 21:36 - 2012-11-19 12:51 - 00002096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:36 - 2009-11-29 10:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 17:36 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 17:35 - 2006-11-02 05:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-06 17:30 - 2014-10-31 13:51 - 00000000 ____D C:\Qoobox
2015-12-06 17:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows
2015-12-06 17:28 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2015-12-05 01:33 - 2014-06-16 08:26 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 16:35 - 2009-12-05 07:12 - 00000059 _____ C:\Windows\wpd99.drv
2015-12-04 16:35 - 2009-12-05 07:12 - 00000000 ____D C:\ProgramData\pdf995
2015-12-04 12:52 - 2012-03-29 10:48 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-02 17:06 - 2009-11-29 14:03 - 00000000 ____D C:\Users\Andree Rezai\AppData\Roaming\Macromedia
2015-12-02 12:51 - 2015-01-27 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-02 12:51 - 2009-11-29 15:34 - 00000000 ____D C:\Program Files\Java
2015-12-02 12:37 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system32\spool
2015-12-02 12:35 - 2009-11-29 10:07 - 00000000 ____D C:\Program Files\Google
2015-12-02 12:26 - 2009-11-29 08:54 - 00000000 ____D C:\Users\Andree Rezai
2015-12-02 12:25 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\inf
2015-12-02 12:00 - 2012-11-20 19:21 - 00006526 _____ C:\Windows\system32\PerfStringBackup.TMP
2015-12-02 11:37 - 2009-11-29 07:30 - 00000000 ____D C:\Windows.old
2015-12-02 11:37 - 2006-11-02 03:18 - 00000000 ___SD C:\Windows\Downloaded Program Files
2015-12-02 11:28 - 2009-11-29 15:27 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-02 11:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\security
2015-12-02 11:16 - 2009-12-04 19:51 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\Macromedia
2015-12-02 11:16 - 2009-12-04 19:51 - 00000000 ____D C:\Users\Andree Rezai\AppData\LocalLow\Adobe
2015-12-02 11:15 - 2009-12-04 19:51 - 00000000 ____D C:\ProgramData\Google
2015-12-02 11:15 - 2009-11-29 10:07 - 00000000 ____D C:\Users\Andree Rezai\AppData\Local\Google
2015-12-02 11:14 - 2013-03-26 09:54 - 00000000 ____D C:\Program Files\7-Zip
2015-11-30 11:59 - 2015-03-29 08:08 - 00000000 ____D C:\Windows\system32\vbox
2015-11-25 01:06 - 2009-11-29 08:32 - 00000000 ____D C:\Windows\Panther
2015-11-24 23:55 - 2015-09-01 14:54 - 00000000 ____D C:\Users\Andree Rezai\.oracle_jre_usage
2015-11-24 23:53 - 2015-01-27 14:09 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-11 17:11 - 2014-12-16 16:37 - 00000000 ____D C:\Users\Andree Rezai\Desktop\Grade Pro
2015-11-11 10:57 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2015-11-11 10:40 - 2006-11-02 04:47 - 00303576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 10:35 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 10:35 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-11 01:19 - 2013-08-14 02:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 01:11 - 2006-11-02 02:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-11-11 01:10 - 2009-11-29 15:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 17:45 - 2012-03-27 21:20 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-10 17:45 - 2012-03-17 13:13 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-07 17:28 - 2012-04-25 06:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2010-01-22 15:34 - 2015-10-16 23:34 - 0001596 _____ () C:\Users\Andree Rezai\AppData\Roaming\Sketchpad 5 Preferences.dat
2014-10-31 13:56 - 2014-10-31 13:56 - 0000680 _____ () C:\Users\Andree Rezai\AppData\Local\d3d9caps.dat
2009-11-29 09:27 - 2015-07-28 17:55 - 0102912 _____ () C:\Users\Andree Rezai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 12:28 - 2015-12-02 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Andree Rezai\instmsia.exe
C:\Users\Andree Rezai\instmsiw.exe
C:\Users\Andree Rezai\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-06 17:43

==================== End of FRST.txt ============================

 

[SCMc]

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
Ran by Andree Rezai (2015-12-06 22:30:36)
Running from C:\Users\Andree Rezai\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-11-29 16:45:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2436680478-200282203-879032571-500 - Administrator - Disabled)
Andree Rezai (S-1-5-21-2436680478-200282203-879032571-1000 - Administrator - Enabled) => C:\Users\Andree Rezai
Guest (S-1-5-21-2436680478-200282203-879032571-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM\...\{23170F69-40C1-2701-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
Canon MP Navigator EX 2.0 (HKLM\...\MP Navigator EX 2.0) (Version: - )
Canon MP480 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series) (Version: - )
Canon MP480 series User Registration (HKLM\...\Canon MP480 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Easy Grade Pro (HKLM\...\Easy Grade Pro) (Version: - )
Facebook Plug-In (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.168.0 - International GeoGebra Institute)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 4.5.0.457 (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\GoToMeeting) (Version: - )
Inkjet Printer/Scanner Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MathType 6 (HKLM\...\DSMT6) (Version: 6.6 - Design Science, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 Trial (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NLVM v3.0 (HKLM\...\NLVM v3.0) (Version: 3.0.0.0 - MATTI LLC.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Paint Shop Pro 4.15 SE (HKLM\...\Paint Shop Pro 4.15) (Version: - )
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Pdf995 (HKLM\...\Pdf995) (Version: - )
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Sketchpad (HKLM\...\Sketchpad) (Version: - )
Student MATLAB 4-19-2013 (HKLM\...\MatlabDeinstKey) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2436680478-200282203-879032571-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2436680478-200282203-879032571-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Andree Rezai\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

==================== Restore Points =========================

02-12-2015 12:52:00 JRT Pre-Junkware Removal
05-12-2015 02:02:54 JRT Pre-Junkware Removal
05-12-2015 02:09:54 JRT Pre-Junkware Removal
06-12-2015 13:45:20 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 02:23 - 2015-12-05 00:37 - 00000707 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B6F3B28-F8FC-4FBC-898F-CB97C7F25914} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26EE73BA-3054-4D8E-9548-3040B74FCA61} - System32\Tasks\Microsoft\Windows\RestartManager\{5C01BB31-1F0D-4e06-BDF2-122C7A7439F7} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {649BB769-B2A4-4FAF-80BD-DADD0ACE157A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93183F03-6D74-4780-AF59-7272A6481BAD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {A6B23025-A920-4061-901D-2D71E2ABD749} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-04] (AVAST Software)
Task: {B5A707C8-07BD-4309-9B71-B72246F9ACFF} - System32\Tasks\Microsoft\Windows\RestartManager\{8372C7B6-62BB-44f8-B0E7-CD1F5637A54E} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {BD381E08-5227-421F-A4A0-2E6F399C4323} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C1F3D29F-9274-4CA1-8CA1-BE98A5404520} - System32\Tasks\{82CD67D8-9A1A-434B-9F1E-5DD42EE21A80} => pcalua.exe -a "C:\Program Files\MATTI\NLVM_en\UninstallerData\Uninstall NLVM.exe"
Task: {C6B5BF36-F828-4894-9E27-6EEAD45917F4} - \Driver Booster SkipUAC (Andree Rezai) -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-04 13:09 - 2015-12-04 13:09 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-06 10:58 - 2015-12-06 10:58 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120600\algo.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-12-05 07:12 - 2009-12-05 07:12 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2006-11-02 02:25 - 2006-12-13 17:19 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2015-12-04 13:09 - 2015-12-04 13:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2436680478-200282203-879032571-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andree Rezai\Pictures\Steves Pictures\Santa Monicas\Topanga State Park 121007\1280x800\EagleRock 121007.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9E019079-13E3-4F8B-BB92-2831E9097017}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44059B99-47D3-4B84-83C8-506D453E1F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{55429062-980E-4129-931C-019D7CECA6CE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4A89B56E-6A0D-4FBD-802B-02A903A6125B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3215B199-D13B-4899-8766-63F463B768C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D42F0D79-1B1E-4DD5-BAC9-C476FBE3E464}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C6AA5825-3A53-4A17-BD6C-922DF4F46A13}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{438CAECC-79E5-4BBC-AD4E-C41667A4FCAC}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{6D09F12C-1B36-4B0A-83A8-9250C82141AE}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E4660963-A5BE-467F-A518-DF03C100781A}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8AE795FF-9AC6-440D-AE6F-8F5B557059E2}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C6304A03-6C5B-4905-9425-1C45BB820C40}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{2DD7EC18-646C-4F08-8CFE-F1B8E3518DD3}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{5F852B17-88AE-4699-A855-2A229DF324DB}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{4B590609-AC38-4288-954B-05546D8439FA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2015 05:36:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 11:11:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a04
Start Time: 01d13057db1047f8
Termination Time: 52

Error: (12/06/2015 10:58:59 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ANDREE REZAI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\N57UF3IP.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/06/2015 10:55:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2015 07:10:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2015 02:14:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2015 02:00:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2015 01:53:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2015 01:31:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2015 12:42:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/06/2015 05:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/06/2015 05:36:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/06/2015 05:28:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (12/06/2015 05:23:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (12/06/2015 05:18:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (12/06/2015 10:57:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (12/06/2015 10:55:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/06/2015 10:55:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/05/2015 07:10:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Foxit Cloud Safe Update Service%%2

Error: (12/05/2015 07:10:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


CodeIntegrity:
===================================
Date: 2015-12-06 22:29:55.832
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 22:29:55.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 22:29:54.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 22:29:54.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:56.736
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:55.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:55.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:54.521
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:53.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 17:19:53.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 38%
Total physical RAM: 2037.45 MB
Available physical RAM: 1251.53 MB
Total Virtual: 4316.18 MB
Available Virtual: 3422.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.8 GB) (Free:52.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 7442EB0C)
Partition 1: (Not Active) - (Size=6.3 GB) - (Type=27)
Partition 2: (Active) - (Size=142.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[SCMc]

Thank you for your continued help. FRST was done almost as soon as it started. I rebooted without any problems, and have not encountered any other problems since we started (other than some add intensive wed pages being very slow to start, which is normal).

Fix result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
Ran by Andree Rezai (2015-12-07 23:47:39) Run:1
Running from C:\Users\Andree Rezai\Desktop
Loaded Profiles: Andree Rezai (Available Profiles: Andree Rezai)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2436680478-200282203-879032571-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2436680478-200282203-879032571-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\44.0.2403.155\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
S2 FoxitCloudUpdateService; "C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]
S3 catchme; \??\C:\Users\ANDREE~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2010-01-22 15:34 - 2015-10-16 23:34 - 0001596 _____ () C:\Users\Andree Rezai\AppData\Roaming\Sketchpad 5 Preferences.dat
2014-10-31 13:56 - 2014-10-31 13:56 - 0000680 _____ () C:\Users\Andree Rezai\AppData\Local\d3d9caps.dat
2009-11-29 09:27 - 2015-07-28 17:55 - 0102912 _____ () C:\Users\Andree Rezai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 12:28 - 2015-12-02 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Andree Rezai\instmsia.exe
C:\Users\Andree Rezai\instmsiw.exe
C:\Users\Andree Rezai\setup.exe
Task: {C6B5BF36-F828-4894-9E27-6EEAD45917F4} - \Driver Booster SkipUAC (Andree Rezai) -> No File <==== ATTENTION

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-2436680478-200282203-879032571-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-2436680478-200282203-879032571-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Program Files\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\44.0.2403.155\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\44.0.2403.155\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => not found.
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdnu.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
FoxitCloudUpdateService => service removed successfully.
catchme => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\Andree Rezai\AppData\Roaming\Sketchpad 5 Preferences.dat => moved successfully
C:\Users\Andree Rezai\AppData\Local\d3d9caps.dat => moved successfully
C:\Users\Andree Rezai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Andree Rezai\instmsia.exe => moved successfully
C:\Users\Andree Rezai\instmsiw.exe => moved successfully
C:\Users\Andree Rezai\setup.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6B5BF36-F828-4894-9E27-6EEAD45917F4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6B5BF36-F828-4894-9E27-6EEAD45917F4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Andree Rezai)" => key removed successfully.

==== End of Fixlog 23:47:41 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[SCMc]

I'm sorry for the delay. I will try to get back to it tomorrow.

 

[Broni]

 

[SCMc]

No problems after Security Check.

Results of screen317's Security Check version 1.009
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 8 Update 66
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.235
Adobe Reader XI
Mozilla Firefox (42.0)
Google Chrome (47.0.2526.73)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

[SCMc]

Farbar Service Scanner Version: 10-06-2014
Ran by Andree Rezai (administrator) on 11-12-2015 at 17:50:57
Running from "C:\Users\Andree Rezai\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

[SCMc]

Avast is blocking TFC.exe from both sites. Is this normal? Do I need to disable Avast for the download, or should I be suspicious of the files?

 

[Broni]

Disable Avast.

 

[SCMc]

TFC done and rebooted. Was there any log for this?


Sophos: 0 threats found.

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[SCMc]

Broni,
Thank you again for all of the time you put into this. To keep my desktop from getting cluttered, once I was done with a tool, I moved it and its logs to a folder called Maintenance. Will this interfere with Delfix, or can I just delete the entire folder.

Were any trojans, rootkits or bootkits found on my computer?

Avast has a software updater. I assume this would make FileHippo redundant.

 

[Broni]

You can remove that folder manually.
Your passwords are safe.
Avast updater is fine.

Good luck and stay safe