Computer Freezes and shuts itself down [Solved]


  • This topic is locked

#1 geric16 (Member, 125 posts)

The computer is a Toshiba Satellite A665 laptop. For the last month it has been acting up. It seems to be running a bit slower, Internet Explorer closes itself, and the computer just powers off on its own. Tried running Malwarebytes numerous times; it runs until it gets to the end, then hangs up and freezes. I also notice an application icon running called websteroids, but it isn't under the Control Panel programs to remove. Running Windows 7 and have Avast antivirus installed. Here is the OTL report:

OTL logfile created on: 12/26/2013 5:26:06 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Geric\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 46.05% Memory free
7.86 Gb Paging File | 5.60 Gb Available in Paging File | 71.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.11 Gb Total Space | 380.22 Gb Free Space | 65.21% Space Free | Partition Type: NTFS

Computer Name: GERIC-PC | User Name: Geric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/26 17:04:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Geric\Desktop\OTL.exe
PRC - [2013/12/26 16:48:48 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 16:48:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/05 20:30:04 | 000,040,448 | ---- | M] () -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/11/19 22:37:38 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/11/19 22:37:38 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/11/19 22:37:38 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/11/19 22:37:36 | 000,481,656 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2010/05/05 09:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/23 08:53:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/26 16:48:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2010/07/22 18:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/06/29 13:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/06/07 14:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 14:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/05 12:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 12:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 12:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/21 11:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/12/05 20:30:04 | 000,040,448 | ---- | M] () [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/05/05 09:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 16:48:52 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 16:48:52 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/26 16:48:52 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 16:48:52 | 000,082,744 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 16:48:52 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 08:53:37 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/23 08:53:36 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 12:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/05/31 14:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/18 18:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/16 19:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/05/16 19:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 19:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/05/08 20:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 16:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/02 22:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/02 22:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 12:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{13F3E64E-CEF0-4694-AED4-BFEB989D8805}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2605296E-10C5-46EE-8743-42F7E5B90CFE}: "URL" = http://www.google.co...ng}&rlz=1I7TSND

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {13F3E64E-CEF0-4694-AED4-BFEB989D8805}
IE - HKCU\..\SearchScopes\{2605296E-10C5-46EE-8743-42F7E5B90CFE}: "URL" = http://www.google.co...ng}&rlz=1I7TSND
IE - HKCU\..\SearchScopes\{687B506D-CFE6-4098-A089-AFD68F4087BC}: "URL" = http://www.google.co...ND_enUS404US404
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/26 16:48:53 | 000,000,000 | ---D | M]

[2013/12/15 19:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geric\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Geric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0\

O1 HOSTS File: ([2012/07/25 10:03:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\9246fa90-f5df-4dbf-aefe-4cfe93ef8c08.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797D27A0-0C99-4568-8F48-05BBED86D54B}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A5AECC4-30EA-4121-9BBA-3B8A76E4FECE}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 17:04:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Geric\Desktop\OTL.exe
[2013/12/26 16:48:53 | 000,082,744 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2013/12/16 09:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/15 19:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2013/12/15 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/15 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/15 19:07:25 | 000,000,000 | ---D | C] -- C:\Users\Geric\AppData\Roaming\Mozilla
[2013/02/14 14:53:02 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Geric\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/26 17:17:20 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/26 17:17:20 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/26 17:04:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Geric\Desktop\OTL.exe
[2013/12/26 16:50:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/26 16:50:11 | 3166,703,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/26 16:48:57 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/26 16:48:52 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/26 16:48:52 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2013/12/26 16:48:52 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/26 16:48:52 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/26 16:48:52 | 000,082,744 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2013/12/26 16:48:52 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 16:48:51 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/20 10:02:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 10:02:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 10:02:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/18 10:21:29 | 000,000,218 | ---- | M] () -- C:\Users\Geric\AppData\Local\recently-used.xbel
[2013/12/12 08:11:26 | 005,040,640 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/12/18 10:21:29 | 000,000,218 | ---- | C] () -- C:\Users\Geric\AppData\Local\recently-used.xbel
[2013/02/14 14:53:02 | 000,099,384 | ---- | C] () -- C:\Users\Geric\AppData\Roaming\inst.exe
[2013/02/14 14:53:02 | 000,007,859 | ---- | C] () -- C:\Users\Geric\AppData\Roaming\pcouffin.cat
[2013/02/14 14:53:02 | 000,001,167 | ---- | C] () -- C:\Users\Geric\AppData\Roaming\pcouffin.inf
[2012/12/27 12:25:43 | 000,189,916 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2012/07/25 09:54:12 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/25 09:54:12 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/25 09:54:12 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/25 09:54:12 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/25 09:54:12 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/06/09 16:53:55 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2012/06/09 16:53:55 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2012/05/09 13:11:09 | 000,065,024 | ---- | C] () -- C:\Users\Geric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 19:50:18 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\FileOps.exe
[2011/12/30 18:13:35 | 000,000,247 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/12/30 18:13:35 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/12/30 18:08:52 | 000,006,615 | ---- | C] () -- C:\windows\BRPARAM.INI
[2010/12/20 15:12:29 | 000,007,602 | ---- | C] () -- C:\Users\Geric\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2012/12/31 11:16:52 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\@
[2012/12/31 11:16:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\L
[2012/12/31 11:16:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/06/02 17:39:16 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\AnvSoft
[2012/12/11 15:09:20 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Auslogics
[2013/10/24 07:22:17 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\AVAST Software
[2013/11/26 15:13:04 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\BitLord
[2012/12/05 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\BSplayer
[2011/10/20 10:57:24 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\BSplayer Pro
[2011/10/27 10:51:34 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/13 20:29:43 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\ControlCenter4
[2012/08/13 07:31:20 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\iVideoConverter
[2012/08/12 09:46:09 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\MOVAVI
[2012/03/20 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\MusicNet
[2011/12/30 19:27:39 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Nuance
[2012/03/20 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Orbit
[2013/03/07 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\PACE Anti-Piracy
[2013/03/03 08:58:56 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Polar WebSync
[2012/03/20 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\ProgSense
[2013/02/14 10:38:23 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Python-Eggs
[2011/10/27 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/12/17 21:55:43 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Toshiba
[2011/06/14 11:38:37 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\TuneUp Software
[2013/02/14 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Vso
[2010/11/01 19:35:49 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\WinBatch
[2012/08/12 09:49:02 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Wondershare Video Converter Platinum
[2011/12/30 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\Geric\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1127 bytes -> C:\Users\Geric\AppData\Local\4cWMhJUz:tEt7J6lJ3SRS9qw2wmEeq4Urez

< End of report >

#2 JSntgRvr (Global Moderator)

Let's give it a try. The computer is infected with Trojan Zero Access, which is a backdoor Trojan.

If you're interested you can read up on the infection here: http://nakedsecurity...om/zeroaccess2/

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

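The $Recycle.Bin entries in the OTL dump above (the InProcServer32 defaults for the shell32 and fastprox CLSIDs) are the indicator the moderator is reading as ZeroAccess: the malware re-points COM classes that Explorer and the WMI service load anyway at its own file, so it gets loaded on every boot with no service or Run key to show for it. The script below is an added example for this thread, not code from OTL, FRST or any poster, that parses OTL-format InProcServer32 blocks and flags that pattern. The sample text reuses the CLSIDs, SIDs and hashed directory from the log posted above; the heuristics (a server under $Recycle.Bin, a trailing dot in the file name, a user-hive key shadowing a machine-wide class, and 32- and 64-bit views of the same CLSID that disagree) are the editor's own and are not a signature shipped by either tool.

```python
"""Flag ZeroAccess-style COM InProcServer32 hijacks in an OTL registry dump.

Added example for this thread; not code from OTL, FRST or the posters.
The detection rules are the editor's heuristics, not a tool signature.
"""
import re
from collections import defaultdict

# Sample input reproducing InProcServer32 blocks from the OTL log posted in
# this thread (CLSIDs, SIDs and the $<hash> directory come from that log).
# OTL marks the 64-bit view with a trailing "/64"; Wow6432Node is the 32-bit view.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\\InProcServer32\]\s*(?:/64)?\s*$', re.IGNORECASE)
# Default value line; the optional group drops OTL's " -- [date | size | ...] (Company)" suffix.
DEFAULT_RE = re.compile(r'^""\s*=\s*(.*?)(?:\s+--\s+\[.*)?$')
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.IGNORECASE)
SYSTEM_PREFIXES = ('%systemroot%', '%windir%', 'c:\\windows\\')


def parse_inproc(text):
    """Return one dict per InProcServer32 key: clsid, hive, view ('64'/'32'), path."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, subkey = key.groups()
            clsid = CLSID_RE.search(subkey)
            view = '32' if 'wow6432node' in subkey.lower() else '64'
            cur = {'clsid': clsid.group(0).lower() if clsid else None,
                   'hive': hive.upper(), 'view': view, 'path': None}
            entries.append(cur)
        elif cur is not None:
            val = DEFAULT_RE.match(line)
            if val:
                cur['path'] = val.group(1).strip()
    return entries


def in_system_dir(path):
    return path.lower().startswith(SYSTEM_PREFIXES)


def path_reasons(path):
    """Heuristics on the server path alone (independent of the other registry view)."""
    low = path.lower()
    leaf = low.rsplit('\\', 1)[-1]
    reasons = []
    if '$recycle.bin\\' in low:
        reasons.append('COM server lives under $Recycle.Bin, never a legitimate install location')
    if leaf.endswith('.'):
        # Win32 strips a trailing dot from the last path component, so "n." opens a
        # file named "n"; a search for the literal registry string finds nothing.
        reasons.append('trailing dot in file name (resolves to %r on disk)' % leaf.rstrip('.'))
    return reasons


def triage(text):
    """Return findings for entries with a suspicious path or a disagreeing sibling view."""
    entries = [e for e in parse_inproc(text) if e['clsid'] and e['path']]
    by_clsid = defaultdict(list)
    for e in entries:
        by_clsid[e['clsid']].append(e)
    findings = []
    for clsid, group in by_clsid.items():
        for e in group:
            reasons = path_reasons(e['path'])
            if reasons and e['hive'] == 'HKEY_CURRENT_USER':
                # Per-user Classes are consulted before HKLM for non-elevated COM
                # activation, so a user-writable key replaces a system class silently.
                reasons.append('HKCU registration shadows the machine-wide CLSID without admin rights')
            siblings = [s for s in group if s is not e and s['hive'] == e['hive']]
            if siblings and not in_system_dir(e['path']) and all(in_system_dir(s['path']) for s in siblings):
                reasons.append('32/64-bit views disagree: the other view points into the Windows directory')
            if reasons:
                findings.append({'clsid': clsid, 'hive': e['hive'], 'view': e['view'],
                                 'path': e['path'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print('%s %s (%s-bit view) -> %s' % (f['hive'], f['clsid'], f['view'], f['path']))
        for r in f['reasons']:
            print('    - ' + r)
```

Run it on a saved OTL.txt with `triage(open(path).read())`; on the sample it reports exactly the two entries FRST later marks with "ATTENTION! ====> ZeroAccess?", and the clean shell32 pair is left alone. On a live machine the same comparison is made by reading HKCU\Software\Classes\CLSID\<clsid>\InProcServer32 next to the HKLM native and Wow6432Node keys; a per-user entry for a CLSID that HKLM already maps into the Windows directory deserves a look even when the path is less blatant than a recycle-bin folder.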

#3 geric16 (Topic Starter)
Wow, I was not expecting that, although the computer has been acting odd lately. I have Avast installed along with Malwarebytes, which I would run once a month; how did it get past? Is there something else I should use besides Avast or Malwarebytes that better protects my PC? Here are the results of the Farbar Recovery Scan Tool:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Geric (administrator) on GERIC-PC on 26-12-2013 22:58:18
Running from C:\Users\Geric\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-26] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\9246fa90-f5df-4dbf-aefe-4cfe93ef8c08.exe [180184 2013-11-23] (AVAST Software)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [481656 2013-11-19] (Updater)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931\n. ATTENTION! ====> ZeroAccess?
HKU\Jessica\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Jessica\...\Run: [HKCU] - C:\directory\CyberGate\install\svchost.exe
HKU\Jessica\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKLM-x32 - {2605296E-10C5-46EE-8743-42F7E5B90CFE} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKCU - DefaultScope {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL =
SearchScopes: HKCU - {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL =
SearchScopes: HKCU - {2605296E-10C5-46EE-8743-42F7E5B90CFE} URL = http://www.google.co...ng}&rlz=1I7TSND
SearchScopes: HKCU - {687B506D-CFE6-4098-A089-AFD68F4087BC} URL = http://www.google.co...ND_enUS404US404
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (FastestChrome - Browse Faster) - C:\Users\Geric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.1_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-26] (AVAST Software)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-05] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2013-12-26] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-23] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2013-12-26] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2013-12-26] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [82744 2013-12-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-26] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 22:58 - 2013-12-26 22:58 - 00011485 _____ C:\Users\Geric\Desktop\FRST.txt
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\FRST
2013-12-26 22:57 - 2013-12-26 22:57 - 01928716 _____ (Farbar) C:\Users\Geric\Desktop\FRST64.exe
2013-12-26 17:25 - 2013-12-26 17:30 - 00069838 _____ C:\Users\Geric\Desktop\OTL.Txt
2013-12-26 17:04 - 2013-12-26 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Geric\Desktop\OTL.exe
2013-12-26 16:48 - 2013-12-26 16:48 - 00082744 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2013-12-18 10:21 - 2013-12-18 10:21 - 00000218 _____ C:\Users\Geric\AppData\Local\recently-used.xbel
2013-12-16 09:02 - 2013-12-16 09:02 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-15 19:17 - 2013-12-17 09:23 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Mozilla
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\Updater
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-11 22:43 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-11 22:43 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-11 22:43 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-11 22:43 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-11 22:41 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 22:41 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-11 22:41 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-11 22:41 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 22:41 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-11 22:41 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-11 22:41 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 22:41 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-11 22:41 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-11 22:41 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-11 22:41 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-11 22:41 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-11 22:41 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-11 22:41 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-11 22:41 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 22:41 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 22:41 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-11 22:41 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 22:41 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-11 22:41 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-11 22:41 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 22:41 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-11 22:41 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 22:41 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-11 22:41 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 22:41 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 22:41 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 22:41 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-11 22:41 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-11 22:41 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 22:41 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 12:37 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 12:37 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 12:37 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-11 12:37 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-11 12:37 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 12:37 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 12:37 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 12:37 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 12:37 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 12:37 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 12:37 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 12:37 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-11 12:37 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 12:37 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-11 12:37 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 12:37 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-11 12:37 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 12:37 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-11 12:37 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2013-12-26 22:58 - 2013-12-26 22:58 - 00011485 _____ C:\Users\Geric\Desktop\FRST.txt
2013-12-26 22:58 - 2013-12-26 22:58 - 00000000 ____D C:\FRST
2013-12-26 22:57 - 2013-12-26 22:57 - 01928716 _____ (Farbar) C:\Users\Geric\Desktop\FRST64.exe
2013-12-26 22:55 - 2010-09-19 11:32 - 01213752 _____ C:\windows\WindowsUpdate.log
2013-12-26 22:52 - 2010-09-19 11:57 - 00000050 _____ C:\windows\system32\SupplicantTest.log
2013-12-26 22:51 - 2013-09-16 19:35 - 00010752 _____ C:\windows\setupact.log
2013-12-26 22:51 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-26 18:20 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 18:20 - 2009-07-13 23:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:30 - 2013-12-26 17:25 - 00069838 _____ C:\Users\Geric\Desktop\OTL.Txt
2013-12-26 17:04 - 2013-12-26 17:04 - 00602112 _____ (OldTimer Tools) C:\Users\Geric\Desktop\OTL.exe
2013-12-26 17:01 - 2010-11-02 19:06 - 00000000 ____D C:\Users\Geric\AppData\Roaming\mIRC
2013-12-26 16:50 - 2013-09-16 19:35 - 00095746 _____ C:\windows\PFRO.log
2013-12-26 16:48 - 2013-12-26 16:48 - 00082744 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2013-12-26 16:48 - 2013-04-02 16:59 - 00207904 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-12-26 16:48 - 2012-08-08 09:48 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-12-26 16:48 - 2011-08-23 11:59 - 00422216 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-12-26 16:48 - 2011-08-23 11:59 - 00001977 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-26 16:48 - 2011-08-23 11:58 - 01034464 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-12-26 16:48 - 2011-08-23 11:58 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-12-26 16:48 - 2011-08-23 11:58 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-12-26 16:48 - 2011-08-23 11:58 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-12-20 10:02 - 2009-07-14 00:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-18 10:21 - 2013-12-18 10:21 - 00000218 _____ C:\Users\Geric\AppData\Local\recently-used.xbel
2013-12-17 21:55 - 2010-11-01 19:40 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Toshiba
2013-12-17 21:54 - 2010-08-29 23:43 - 00000000 ____D C:\ProgramData\Toshiba
2013-12-17 21:54 - 2010-08-29 23:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-17 21:54 - 2010-08-29 23:37 - 00000000 ____D C:\Program Files\TOSHIBA
2013-12-17 21:52 - 2010-08-29 23:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2013-12-17 09:23 - 2013-12-15 19:17 - 00000000 ____D C:\ProgramData\InternetUpdater
2013-12-16 09:02 - 2013-12-16 09:02 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-15 23:29 - 2013-08-14 21:37 - 00000000 ____D C:\windows\system32\MRT
2013-12-15 22:27 - 2010-11-02 10:26 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Mozilla
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\Updater
2013-12-15 19:07 - 2013-12-15 19:07 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-15 17:59 - 2012-12-30 11:39 - 00000000 ____D C:\Users\Geric\AppData\Roaming\Skype
2013-12-15 17:59 - 2012-12-30 11:39 - 00000000 ____D C:\ProgramData\Skype
2013-12-15 08:02 - 2009-07-14 00:08 - 00032588 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-15 07:42 - 2010-11-24 15:00 - 00001428 _____ C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-14 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-12-12 18:28 - 2009-07-14 00:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-12 13:31 - 2011-10-20 10:52 - 00000000 ____D C:\Users\Geric\AppData\Roaming\vlc
2013-12-12 08:11 - 2009-07-13 23:45 - 05040640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 22:43 - 2010-11-03 11:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-26 15:13 - 2013-11-19 16:10 - 00000000 ____D C:\Users\Geric\AppData\Roaming\BitLord
2013-11-26 06:54 - 2013-12-11 22:41 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 05:19 - 2013-12-11 22:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 05:18 - 2013-12-11 22:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 05:11 - 2013-12-11 22:41 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 04:48 - 2013-12-11 22:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 04:46 - 2013-12-11 22:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 04:41 - 2013-12-11 22:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 04:29 - 2013-12-11 22:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 04:27 - 2013-12-11 22:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 04:23 - 2013-12-11 22:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 04:21 - 2013-12-11 22:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 04:18 - 2013-12-11 22:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 04:18 - 2013-12-11 22:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 04:16 - 2013-12-11 22:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 03:57 - 2013-12-11 22:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 03:38 - 2013-12-11 22:41 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 03:38 - 2013-12-11 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 03:35 - 2013-12-11 22:41 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 03:32 - 2013-12-11 22:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 03:28 - 2013-12-11 22:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 03:16 - 2013-12-11 22:41 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 03:02 - 2013-12-11 22:41 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-26 02:48 - 2013-12-11 22:41 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-26 02:32 - 2013-12-11 22:41 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-26 02:26 - 2013-12-11 22:41 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-26 02:07 - 2013-12-11 22:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-26 01:40 - 2013-12-11 22:41 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-26 01:34 - 2013-12-11 22:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-26 01:34 - 2013-12-11 22:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-26 01:33 - 2013-12-11 22:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-26 01:27 - 2013-12-11 22:41 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 11:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by Geric at 2013-12-26 22:59:09
Running from C:\Users\Geric\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe SVG Viewer 3.0 (x32 Version: 3.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Auslogics Disk Defrag (x32 Version: 3.5)
avast! Free Antivirus (x32 Version: 9.0.2011)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J835DW (x32 Version: 1.0.8.0)
BS.Player FREE (x32 Version: 2.58.1058)
CCleaner (Version: 3.28)
Cisco Connect (x32 Version: 1.4.11299.0)
CleanUp! (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EPUB to MOBI (x32)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.4.0)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (x32 Version: 9.5.7.1002)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
Internet Updater (x32 Version: 2.6.52)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JMicron Flash Media Controller Driver (x32 Version: 1.0.44.1)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Updatus (x32 Version: 1.0.3)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Daemon (x32 Version: 2.2.20000)
Polar WebSync (x32 Version: 2.8.10006)
QuickTime (x32 Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.20.503.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069)
Scansoft PDF Professional (x32)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Switch Sound File Converter (x32)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Tar98 (x32)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 3.00.11)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.2.12-A)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C)
TOSHIBA HDD Protection (Version: 2.2.0.4)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.11)
TOSHIBA PC Health Monitor (Version: 1.7.1.64)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Sleep Utility (x32 Version: 1.4.1.2)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.14.64)
TOSHIBA Value Added Package (x32 Version: 1.3.14.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.16)
ToshibaRegistration (x32 Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
Updater (x32 Version: 2.6.49)
Utility Common Driver (x32 Version: 1.0.52.1C)
VLC media player 2.0.3 (x32 Version: 2.0.3)
VSO ConvertXToDVD (x32 Version: 5.0.0.42)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Xvid Video Codec (x32 Version: 1.3.2)
Yahoo! Detect (x32)

==================== Restore Points =========================

26-12-2013 21:47:05 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-13 21:34 - 2012-07-25 10:03 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00DA2FD0-4876-40E0-8EC0-A3CCC8059FFD} - System32\Tasks\9ae256c => C:\Users\Geric\AppData\Local\Temp\\setup162407788.exe
Task: {091F9889-A6EF-4AF0-92B7-07844DE83130} - System32\Tasks\5e738a0c => C:\Users\Geric\AppData\Local\Temp\\setup1584630284.exe
Task: {2176FB6E-83C5-485C-BB06-F7F17365746E} - System32\Tasks\5bc8483c => C:\Users\Geric\AppData\Local\Temp\\setup1539852348.exe
Task: {2F2710B2-57AB-446E-9062-7979A14D36C5} - \1344592504 No Task File
Task: {330BD24F-F441-4139-84EC-96FCBE010423} - System32\Tasks\43246e80 => C:\Users\Geric\AppData\Local\Temp\\setup1126461056.exe
Task: {414F38A6-2EB9-4C68-A525-472281E6E120} - System32\Tasks\6f7a9eac => C:\Users\Geric\AppData\Local\Temp\\setup1870306988.exe
Task: {42517798-C960-4551-8E66-C39582418FDF} - System32\Tasks\cc866724 => C:\Users\Geric\AppData\Local\Temp\\setup3431360292.exe
Task: {4BF5B6B7-E016-49D0-84FE-F5C6AC5D843C} - System32\Tasks\f252189c => C:\Users\Geric\AppData\Local\Temp\\setup3381066524.exe
Task: {4EB242B1-C0D6-42E8-82DC-98C09F676585} - System32\Tasks\19151190 => C:\Users\Geric\AppData\Local\Temp\\setup420811152.exe <==== ATTENTION
Task: {51CDE4D4-CC57-40D1-9E9C-DD1106A02AD2} - System32\Tasks\338d86ac => C:\Users\Geric\AppData\Local\Temp\\setup864913068.exe
Task: {56C883C8-198D-42F5-90F5-A4C3CA2D5DC0} - \2785707988 No Task File
Task: {5A01EA57-B77B-461F-A1F4-5AE9EAE7D1B9} - \148966016 No Task File
Task: {5B552779-4F2E-43A5-AFB0-E879BA28B3CC} - \2545092780 No Task File
Task: {64B33BD0-15F5-4FE1-B4C2-DA1ED6C75287} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {664D5DA7-7CD9-4D4A-BE01-5689DCC3C9B3} - \27238332 No Task File
Task: {665A0976-CAF3-48CE-9D08-ED3020342F2D} - \3953273344 No Task File
Task: {6CF09EC5-6975-48BE-A9BE-5517B0E53654} - System32\Tasks\864a2fd4 => C:\Users\Geric\AppData\Local\Temp\\setup2253008852.exe
Task: {74CE5AA1-1B61-49BF-BAE8-B8BE96D94C5B} - \4049448584 No Task File
Task: {7BA20E2C-7403-4A13-8A82-27F516510D3D} - \1357585080 No Task File
Task: {7EE1D485-AEF3-46AE-A91C-5755E8DEFA87} - System32\Tasks\ce9e76e0 => C:\Users\Geric\AppData\Local\Temp\\setup3466491616.exe
Task: {8267D190-2E7F-45EC-8BAB-6BF265441FFE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13] (Microsoft Corporation)
Task: {83F9EF8C-0AC6-4733-9D73-99489EA64A35} - System32\Tasks\2a80ea24 => C:\Users\Geric\AppData\Local\Temp\\setup713091620.exe
Task: {9844F375-D9F5-4995-A49E-A9AD73B48CDC} - \106050984 No Task File
Task: {A6BD758B-785F-4F17-9D2E-3F5B63A85631} - System32\Tasks\7221686c => C:\Users\Geric\AppData\Local\Temp\\setup1914792044.exe
Task: {B3BC1C59-E71D-4908-BA14-1EF6DDB143C5} - \1241108000 No Task File
Task: {B88CCBD7-10E4-4420-82C7-4F735936CB30} - \2434395824 No Task File
Task: {C3B27EB5-0A7A-491E-A767-460863F3691C} - \1967504624 No Task File
Task: {CD6EF238-FB12-46A0-BC36-45E1A2A6BEF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {CE9EDE82-44A7-4918-A92B-2AC09CF27CFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-26] (AVAST Software)
Task: {D93CF0AD-1602-410F-A998-950414B78080} - System32\Tasks\6a11a518 => C:\Users\Geric\AppData\Local\Temp\\setup1095134428.exe
Task: {D9554516-3815-43AD-8FD0-0DCA5B12F028} - System32\Tasks\f754e98c => C:\Users\Geric\AppData\Local\Temp\\setup4149537164.exe
Task: {E8CEA4E1-554F-462C-8C3D-0417F992B543} - \2739696928 No Task File
Task: {EFF65112-B820-4A56-8E7C-674374082A2A} - System32\Tasks\c096e140 => C:\Users\Geric\AppData\Local\Temp\\setup3231113536.exe
Task: {FD0EDC1F-1191-4BFF-879A-324CB3CC2ED3} - System32\Tasks\{E9D50A58-C7E8-44F8-80F7-F481D89DEEE6} => C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-05 11:21 - 2010-03-05 11:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-12-26 16:46 - 2013-12-26 11:53 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\13122601\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2013-10-23 08:53 - 2013-10-23 08:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Geric\Cookies:NPvv03KOXbzv0SRn73sfpQH7
AlternateDataStreams: C:\Users\Geric\AppData\Local\4cWMhJUz:tEt7J6lJ3SRS9qw2wmEeq4Urez

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 08:51:10 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dbc

Start Time: 01cf02a2d2252239

Termination Time: 109

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/20/2013 11:53:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/19/2013 02:11:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/19/2013 01:32:47 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d08

Start Time: 01cefcd9e2f4e1e7

Termination Time: 203

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/19/2013 11:45:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/18/2013 02:23:48 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e88

Start Time: 01cefc0b061cc583

Termination Time: 268

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/18/2013 01:14:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/17/2013 05:47:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/16/2013 05:23:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/15/2013 07:07:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: DownloadACC.exe, version: 0.0.0.0, time stamp: 0x4f47e2df
Faulting module name: DownloadACC.dll, version: 0.0.0.0, time stamp: 0x5268d984
Exception code: 0xc0000005
Fault offset: 0x000027b4
Faulting process id: 0x3ea8
Faulting application start time: 0xDownloadACC.exe0
Faulting application path: DownloadACC.exe1
Faulting module path: DownloadACC.exe2
Report Id: DownloadACC.exe3


System errors:
=============
Error: (12/26/2013 10:52:08 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/26/2013 10:52:03 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/26/2013 10:52:03 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/26/2013 10:52:01 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/26/2013 10:51:45 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:26:26 PM on ‎12/‎26/‎2013 was unexpected.

Error: (12/26/2013 06:12:12 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/26/2013 06:12:06 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/26/2013 06:12:06 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/26/2013 06:12:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/26/2013 06:11:47 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:43:22 PM on ‎12/‎26/‎2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (12/26/2013 08:51:10 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164281dbc01cf02a2d2252239109C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/20/2013 11:53:17 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/19/2013 02:11:58 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/19/2013 01:32:47 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164281d0801cefcd9e2f4e1e7203C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/19/2013 11:45:23 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/18/2013 02:23:48 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.164281e8801cefc0b061cc583268C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/18/2013 01:14:26 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/17/2013 05:47:17 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/16/2013 05:23:12 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (12/15/2013 07:07:09 PM) (Source: Application Error)(User: )
Description: DownloadACC.exe0.0.0.04f47e2dfDownloadACC.dll0.0.0.05268d984c0000005000027b43ea801cef9f2c1cd1fcbC:\Users\Geric\AppData\Local\Temp\nsqD196.tmp\DownloadAcc\DownloadACC.exeC:\Users\Geric\AppData\Local\Temp\nsw1E6F.tmp\DownloadACC.dll00dc57ac-65e6-11e3-903e-88ae1d5ad951


CodeIntegrity Errors:
===================================
Date: 2012-07-25 10:59:56.107
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-07-25 10:59:56.029
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-23 08:52:28.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-23 08:52:28.698
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4026.67 MB
Available physical RAM: 2186.65 MB
Total Pagefile: 8051.52 MB
Available Pagefile: 6008.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI105957W0F) (Fixed) (Total:583.11 GB) (Free:379.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: D0CECDEE)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

==================== End Of Log ============================

Farbar Service Scanner:

Farbar Service Scanner Version: 05-12-2013
Ran by Geric (administrator) on 26-12-2013 at 23:04:22
Running from "C:\Users\Geric\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Download the enclosed file: fixlist.txt (4.42KB).

Save it in the location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log (Fixlog.txt) in the flashdrive; please post it in your reply.


Download Services Repair tool, available here, and save it to your Desktop. Right-click on it, select Run As Administrator, and follow the prompts. It should reboot when it finishes. If not, please manually reboot the computer.

After the reboot, re-run Farbar's Service Scanner and post the new report.

#5
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2013 01
Ran by Geric at 2013-12-27 16:48:22 Run:1
Running from C:\Users\Geric\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931\n. ATTENTION! ====> ZeroAccess?
HKU\Jessica\...\Run: [HKCU] - C:\directory\CyberGate\install\svchost.exe
C:\directory\CyberGate\install\svchost.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL =
SearchScopes: HKCU - {13F3E64E-CEF0-4694-AED4-BFEB989D8805} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-05] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931
C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931
Task: {00DA2FD0-4876-40E0-8EC0-A3CCC8059FFD} - System32\Tasks\9ae256c => C:\Users\Geric\AppData\Local\Temp\\setup162407788.exe
Task: {091F9889-A6EF-4AF0-92B7-07844DE83130} - System32\Tasks\5e738a0c => C:\Users\Geric\AppData\Local\Temp\\setup1584630284.exe
Task: {2176FB6E-83C5-485C-BB06-F7F17365746E} - System32\Tasks\5bc8483c => C:\Users\Geric\AppData\Local\Temp\\setup1539852348.exe
Task: {2F2710B2-57AB-446E-9062-7979A14D36C5} - \1344592504 No Task File
Task: {330BD24F-F441-4139-84EC-96FCBE010423} - System32\Tasks\43246e80 => C:\Users\Geric\AppData\Local\Temp\\setup1126461056.exe
Task: {414F38A6-2EB9-4C68-A525-472281E6E120} - System32\Tasks\6f7a9eac => C:\Users\Geric\AppData\Local\Temp\\setup1870306988.exe
Task: {42517798-C960-4551-8E66-C39582418FDF} - System32\Tasks\cc866724 => C:\Users\Geric\AppData\Local\Temp\\setup3431360292.exe
Task: {4BF5B6B7-E016-49D0-84FE-F5C6AC5D843C} - System32\Tasks\f252189c => C:\Users\Geric\AppData\Local\Temp\\setup3381066524.exe
Task: {4EB242B1-C0D6-42E8-82DC-98C09F676585} - System32\Tasks\19151190 => C:\Users\Geric\AppData\Local\Temp\\setup420811152.exe <==== ATTENTION
Task: {51CDE4D4-CC57-40D1-9E9C-DD1106A02AD2} - System32\Tasks\338d86ac => C:\Users\Geric\AppData\Local\Temp\\setup864913068.exe
Task: {56C883C8-198D-42F5-90F5-A4C3CA2D5DC0} - \2785707988 No Task File
Task: {5A01EA57-B77B-461F-A1F4-5AE9EAE7D1B9} - \148966016 No Task File
Task: {5B552779-4F2E-43A5-AFB0-E879BA28B3CC} - \2545092780 No Task File
Task: {664D5DA7-7CD9-4D4A-BE01-5689DCC3C9B3} - \27238332 No Task File
Task: {665A0976-CAF3-48CE-9D08-ED3020342F2D} - \3953273344 No Task File
Task: {6CF09EC5-6975-48BE-A9BE-5517B0E53654} - System32\Tasks\864a2fd4 => C:\Users\Geric\AppData\Local\Temp\\setup2253008852.exe
Task: {74CE5AA1-1B61-49BF-BAE8-B8BE96D94C5B} - \4049448584 No Task File
Task: {7BA20E2C-7403-4A13-8A82-27F516510D3D} - \1357585080 No Task File
Task: {7EE1D485-AEF3-46AE-A91C-5755E8DEFA87} - System32\Tasks\ce9e76e0 => C:\Users\Geric\AppData\Local\Temp\\setup3466491616.exe
Task: {83F9EF8C-0AC6-4733-9D73-99489EA64A35} - System32\Tasks\2a80ea24 => C:\Users\Geric\AppData\Local\Temp\\setup713091620.exe
Task: {9844F375-D9F5-4995-A49E-A9AD73B48CDC} - \106050984 No Task File
Task: {A6BD758B-785F-4F17-9D2E-3F5B63A85631} - System32\Tasks\7221686c => C:\Users\Geric\AppData\Local\Temp\\setup1914792044.exe
Task: {B3BC1C59-E71D-4908-BA14-1EF6DDB143C5} - \1241108000 No Task File
Task: {B88CCBD7-10E4-4420-82C7-4F735936CB30} - \2434395824 No Task File
Task: {C3B27EB5-0A7A-491E-A767-460863F3691C} - \1967504624 No Task File
Task: {CD6EF238-FB12-46A0-BC36-45E1A2A6BEF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {D93CF0AD-1602-410F-A998-950414B78080} - System32\Tasks\6a11a518 => C:\Users\Geric\AppData\Local\Temp\\setup1095134428.exe
Task: {D9554516-3815-43AD-8FD0-0DCA5B12F028} - System32\Tasks\f754e98c => C:\Users\Geric\AppData\Local\Temp\\setup4149537164.exe
Task: {E8CEA4E1-554F-462C-8C3D-0417F992B543} - \2739696928 No Task File
Task: {EFF65112-B820-4A56-8E7C-674374082A2A} - System32\Tasks\c096e140 => C:\Users\Geric\AppData\Local\Temp\\setup3231113536.exe
AlternateDataStreams: C:\Users\Geric\Cookies:NPvv03KOXbzv0SRn73sfpQH7
AlternateDataStreams: C:\Users\Geric\AppData\Local\4cWMhJUz:tEt7J6lJ3SRS9qw2wmEeq4Urez
End
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKU\Jessica\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU => Value deleted successfully.
"C:\directory\CyberGate\install\svchost.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{13F3E64E-CEF0-4694-AED4-BFEB989D8805} => Key deleted successfully.
HKCR\CLSID\{13F3E64E-CEF0-4694-AED4-BFEB989D8805} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
InternetUpdater => Service deleted successfully.
MyWiFiDHCPDNS => Service deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$3916e6da1b1a3eee25e53a1033550931 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3855451286-3944966642-1798097057-1002\$3916e6da1b1a3eee25e53a1033550931 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00DA2FD0-4876-40E0-8EC0-A3CCC8059FFD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00DA2FD0-4876-40E0-8EC0-A3CCC8059FFD} => Key deleted successfully.
C:\Windows\System32\Tasks\9ae256c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9ae256c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{091F9889-A6EF-4AF0-92B7-07844DE83130} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{091F9889-A6EF-4AF0-92B7-07844DE83130} => Key deleted successfully.
C:\Windows\System32\Tasks\5e738a0c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5e738a0c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2176FB6E-83C5-485C-BB06-F7F17365746E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2176FB6E-83C5-485C-BB06-F7F17365746E} => Key deleted successfully.
C:\Windows\System32\Tasks\5bc8483c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5bc8483c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2710B2-57AB-446E-9062-7979A14D36C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2710B2-57AB-446E-9062-7979A14D36C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1344592504 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330BD24F-F441-4139-84EC-96FCBE010423} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330BD24F-F441-4139-84EC-96FCBE010423} => Key deleted successfully.
C:\Windows\System32\Tasks\43246e80 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\43246e80 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{414F38A6-2EB9-4C68-A525-472281E6E120} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414F38A6-2EB9-4C68-A525-472281E6E120} => Key deleted successfully.
C:\Windows\System32\Tasks\6f7a9eac => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6f7a9eac => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42517798-C960-4551-8E66-C39582418FDF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42517798-C960-4551-8E66-C39582418FDF} => Key deleted successfully.
C:\Windows\System32\Tasks\cc866724 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cc866724 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BF5B6B7-E016-49D0-84FE-F5C6AC5D843C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF5B6B7-E016-49D0-84FE-F5C6AC5D843C} => Key deleted successfully.
C:\Windows\System32\Tasks\f252189c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f252189c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EB242B1-C0D6-42E8-82DC-98C09F676585} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EB242B1-C0D6-42E8-82DC-98C09F676585} => Key deleted successfully.
C:\Windows\System32\Tasks\19151190 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\19151190 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51CDE4D4-CC57-40D1-9E9C-DD1106A02AD2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51CDE4D4-CC57-40D1-9E9C-DD1106A02AD2} => Key deleted successfully.
C:\Windows\System32\Tasks\338d86ac => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\338d86ac => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56C883C8-198D-42F5-90F5-A4C3CA2D5DC0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C883C8-198D-42F5-90F5-A4C3CA2D5DC0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2785707988 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A01EA57-B77B-461F-A1F4-5AE9EAE7D1B9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A01EA57-B77B-461F-A1F4-5AE9EAE7D1B9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\148966016 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B552779-4F2E-43A5-AFB0-E879BA28B3CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B552779-4F2E-43A5-AFB0-E879BA28B3CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2545092780 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{664D5DA7-7CD9-4D4A-BE01-5689DCC3C9B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664D5DA7-7CD9-4D4A-BE01-5689DCC3C9B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\27238332 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{665A0976-CAF3-48CE-9D08-ED3020342F2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665A0976-CAF3-48CE-9D08-ED3020342F2D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3953273344 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CF09EC5-6975-48BE-A9BE-5517B0E53654} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CF09EC5-6975-48BE-A9BE-5517B0E53654} => Key deleted successfully.
C:\Windows\System32\Tasks\864a2fd4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\864a2fd4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74CE5AA1-1B61-49BF-BAE8-B8BE96D94C5B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74CE5AA1-1B61-49BF-BAE8-B8BE96D94C5B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4049448584 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA20E2C-7403-4A13-8A82-27F516510D3D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA20E2C-7403-4A13-8A82-27F516510D3D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1357585080 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EE1D485-AEF3-46AE-A91C-5755E8DEFA87} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EE1D485-AEF3-46AE-A91C-5755E8DEFA87} => Key deleted successfully.
C:\Windows\System32\Tasks\ce9e76e0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ce9e76e0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83F9EF8C-0AC6-4733-9D73-99489EA64A35} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83F9EF8C-0AC6-4733-9D73-99489EA64A35} => Key deleted successfully.
C:\Windows\System32\Tasks\2a80ea24 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2a80ea24 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9844F375-D9F5-4995-A49E-A9AD73B48CDC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9844F375-D9F5-4995-A49E-A9AD73B48CDC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\106050984 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6BD758B-785F-4F17-9D2E-3F5B63A85631} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6BD758B-785F-4F17-9D2E-3F5B63A85631} => Key deleted successfully.
C:\Windows\System32\Tasks\7221686c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7221686c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3BC1C59-E71D-4908-BA14-1EF6DDB143C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3BC1C59-E71D-4908-BA14-1EF6DDB143C5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1241108000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B88CCBD7-10E4-4420-82C7-4F735936CB30} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B88CCBD7-10E4-4420-82C7-4F735936CB30} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2434395824 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3B27EB5-0A7A-491E-A767-460863F3691C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B27EB5-0A7A-491E-A767-460863F3691C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1967504624 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD6EF238-FB12-46A0-BC36-45E1A2A6BEF3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD6EF238-FB12-46A0-BC36-45E1A2A6BEF3} => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D93CF0AD-1602-410F-A998-950414B78080} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D93CF0AD-1602-410F-A998-950414B78080} => Key deleted successfully.
C:\Windows\System32\Tasks\6a11a518 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6a11a518 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9554516-3815-43AD-8FD0-0DCA5B12F028} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9554516-3815-43AD-8FD0-0DCA5B12F028} => Key deleted successfully.
C:\Windows\System32\Tasks\f754e98c => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f754e98c => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8CEA4E1-554F-462C-8C3D-0417F992B543} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8CEA4E1-554F-462C-8C3D-0417F992B543} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2739696928 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFF65112-B820-4A56-8E7C-674374082A2A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF65112-B820-4A56-8E7C-674374082A2A} => Key deleted successfully.
C:\Windows\System32\Tasks\c096e140 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c096e140 => Key deleted successfully.
"C:\Users\Geric\Cookies" => ":NPvv03KOXbzv0SRn73sfpQH7" ADS not found.
C:\Users\Geric\AppData\Local\4cWMhJUz => ":tEt7J6lJ3SRS9qw2wmEeq4Urez" ADS removed successfully.


The system needs a manual reboot.

==== End of Fixlog ====

FSS scan:

Farbar Service Scanner Version: 05-12-2013
Ran by Geric (administrator) on 27-12-2013 at 16:58:33
Running from "C:\Users\Geric\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Well done. Let's scan.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
I think I hit the wrong download link on your JRT site and it loaded some popups as well as a slow-pc app that runs. Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Geric on Fri 12/27/2013 at 18:49:36.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/27/2013 at 18:58:15.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware:

# AdwCleaner v3.016 - Report created 27/12/2013 at 19:04:57
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Geric - GERIC-PC
# Running from : C:\Users\Geric\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Geric\AppData\Roaming\BitLord
File Deleted : C:\windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ File : C:\Users\Geric\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [1713 octets] - [27/12/2013 19:02:48]
AdwCleaner[S1].txt - [1619 octets] - [27/12/2013 19:04:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1679 octets] ##########


Malwarebytes ran, showing 15 objects infected, but froze scanning additional items like it usually does. I clicked abort scan after 15 min and then checked and removed the 15 items. Here's the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Geric :: GERIC-PC [administrator]

12/27/2013 7:12:39 PM
mbam-log-2013-12-27 (19-12-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 69800
Time elapsed: 17 minute(s), 34 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.

Files Detected: 13
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\Users\Geric\Desktop\7zip_14315_2210.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Geric\Desktop\Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Geric\Local Settings\Temporary Internet Files\Content.IE5\VS1GDKLV\getUpdateZip4.1.25[1].zip (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\2937fa.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.

(end)
  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the Registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, RKill will search for malicious Image File Execution Options entries, DisallowRun entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each Registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of RKill.

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, the malware processes that are set to start automatically will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingc...download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.

Re-run Malwarebytes Anti-Malware once RKill finishes and post the new report.
  • 0

#9
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 12/27/2013 08:13:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Geric\AppData\Local\Temp\~nsu.tmp\Au_.exe (PID: 5160) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\batfile\shell\edit\command "@" was changed.
It was reset to "%1" %*!

* HKLM\batfile\shell\print\command "@" was changed.
It was reset to "%1" %*!

* HKLM\batfile\shell\print\command "@" was changed.
It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/27/2013 08:15:03 PM
Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)

Malwarebytes does the same thing: it scans until it gets to additional items, then it just hangs. The time counts every 37 seconds and will go as long as you let it, but it freezes when you click it. I can abort the scan to exit it, but it won't finish the scan when it gets to additional items. It didn't find any infected items this time though.
  • 0
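The RKill description two posts up lists the places it looks (Image File Execution Options debuggers, DisallowRun lists, policies that block Windows utilities, and the .exe/.com/.bat shell commands), and the log just above shows one of those checks firing on the batfile associations. The PowerShell script below is an added example for readers who want to see those same locations themselves; it is not RKill's code and not part of this thread. It only reads and backs up (via reg.exe export), changes nothing, and assumes an elevated Windows PowerShell 5.1 prompt. The backup folder name, the particular policy values it checks, and the expected "%1" %* default are my choices and assumptions, not RKill's.

```powershell
# Added example, not RKill's own code: read-only audit of the registry
# locations RKill checks, plus a timestamped .reg backup of those keys.
# Assumes Windows PowerShell 5.1+ in an elevated session.

$findings = New-Object System.Collections.Generic.List[string]

# 0. Back up the keys we are about to inspect (mirrors RKill's backup habit).
#    Folder name is an assumption of this example.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "Desktop\rkill-audit-$stamp"
New-Item -ItemType Directory -Path $backup -Force | Out-Null
$keysToBackup = @(
    'HKLM\SOFTWARE\Classes\exefile',
    'HKLM\SOFTWARE\Classes\comfile',
    'HKLM\SOFTWARE\Classes\batfile',
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($k in $keysToBackup) {
    $file = Join-Path $backup (($k -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $k $file /y | Out-Null
}

# 1. Image File Execution Options: a "Debugger" value under <program>.exe
#    makes Windows launch the named debugger instead of the program itself.
#    Malware uses it to silently hijack antivirus and cleanup tools.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("IFEO debugger on $($_.PSChildName): $dbg") }
}

# 2. DisallowRun: an Explorer policy listing executables the user may not start.
#    Entries are string values named 1, 2, 3, ... under the DisallowRun key.
foreach ($hive in 'HKCU', 'HKLM') {
    $dr = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
    if (Test-Path $dr) {
        (Get-ItemProperty -Path $dr).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { $findings.Add("DisallowRun ($hive): $($_.Value)") }
    }
}

# 3. Policies that lock the user out of Task Manager, regedit or cmd.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)
foreach ($p in $policies) {
    $v = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($v) { $findings.Add("Policy $($p.Name) = $v") }
}

# 4. Executable associations. The stock open command is "%1" %* ; anything
#    else means every .exe/.com/.bat launch is wrapped by some other program.
#    A per-user copy under HKCU\Software\Classes overrides HKLM, so its mere
#    presence is reported.
$expected = '"%1" %*'
foreach ($cls in 'exefile', 'comfile', 'batfile') {
    $key = "HKLM:\SOFTWARE\Classes\$cls\shell\open\command"
    $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -ne $expected) { $findings.Add("$cls open command is [$cmd], expected [$expected]") }
    $userKey = "HKCU:\Software\Classes\$cls\shell\open\command"
    if (Test-Path $userKey) {
        $ucmd = (Get-ItemProperty -Path $userKey).'(default)'
        $findings.Add("per-user $cls open command present (overrides HKLM): [$ucmd]")
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No hijack indicators found. Backups written to $backup"
} else {
    Write-Output "Backups written to $backup"
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Unlike RKill, the script never resets anything; if it reports a finding, the exported .reg files in the backup folder are what you would restore from after deciding what to change, and the actual reset is still a job for RKill or the helper guiding the thread.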

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Let's call the cavalry:

Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0
#11
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
I downloaded ComboFix and ran it as directed. Closed all browsers and disabled Avast. ComboFix ran to stage 3, where it just sits. I know it says usually 10 minutes but may double, but it's been 40 min and it's still on stage 3.
  • 0

#12
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
It took a long time, but it did complete; here is the log.

ComboFix 13-12-26.01 - Geric 12/27/2013 22:08:55.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4027.2239 [GMT -5:00]
Running from: c:\users\Geric\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-28 )))))))))))))))))))))))))))))))
.
.
2013-12-28 03:40 . 2013-12-28 03:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-28 03:40 . 2013-12-28 03:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-28 03:40 . 2013-12-28 03:40 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2013-12-28 03:40 . 2013-12-28 03:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-28 01:10 . 2013-12-28 01:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{947ED2DD-BDEE-4C9C-92F3-8771F4648377}\offreg.dll
2013-12-28 00:11 . 2013-12-28 00:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-28 00:11 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-28 00:11 . 2013-12-28 01:01 -------- d-----w- c:\programdata\Fighters
2013-12-28 00:02 . 2013-12-28 00:04 -------- d-----w- C:\AdwCleaner
2013-12-27 22:41 . 2013-12-27 22:41 -------- d-----w- c:\windows\ERUNT
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\program files (x86)\FileAssociationManager
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\users\Geric\AppData\Roaming\FileAssociationManager
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\programdata\Yahoo! Companion
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\users\Geric\AppData\Roaming\Yahoo!
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\programdata\Yahoo!
2013-12-27 22:36 . 2013-12-27 22:36 -------- d-----w- c:\program files (x86)\Yahoo!
2013-12-27 03:58 . 2013-12-27 21:48 -------- d-----w- C:\FRST
2013-12-26 21:48 . 2013-12-27 21:47 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-16 14:02 . 2013-12-16 14:02 -------- d-----w- c:\programdata\Websteroids
2013-12-16 00:07 . 2013-12-16 00:07 -------- d-----w- c:\programdata\Updater
2013-12-16 00:07 . 2013-12-16 00:07 -------- d-----w- c:\programdata\RHelpers
2013-12-12 03:43 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 03:43 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 03:43 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 03:43 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 03:43 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 17:37 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-26 21:48 . 2013-04-02 21:59 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-26 21:48 . 2011-08-23 16:59 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-12-26 21:48 . 2011-08-23 16:58 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-26 21:48 . 2011-08-23 16:58 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-26 21:48 . 2011-08-23 16:58 334136 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-26 21:48 . 2011-08-23 16:58 43152 ----a-w- c:\windows\avastSS.scr
2013-12-16 03:27 . 2010-11-02 15:26 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-14 20:25 . 2013-11-14 20:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 20:25 . 2013-11-14 20:25 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 16:32 . 2013-11-14 16:32 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-14 16:32 . 2013-11-14 16:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-14 16:32 . 2013-11-14 16:32 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-14 16:32 . 2013-11-14 16:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-14 16:32 . 2013-11-14 16:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-14 16:32 . 2013-11-14 16:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-14 16:32 . 2013-11-14 16:32 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-14 16:32 . 2013-11-14 16:32 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-14 16:32 . 2013-11-14 16:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-14 16:32 . 2013-11-14 16:32 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-14 16:32 . 2013-11-14 16:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-14 16:32 . 2013-11-14 16:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-14 16:32 . 2013-11-14 16:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-14 16:32 . 2013-11-14 16:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-14 16:32 . 2013-11-14 16:32 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-14 16:32 . 2013-11-14 16:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-14 16:32 . 2013-11-14 16:32 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-14 16:32 . 2013-11-14 16:32 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-14 16:32 . 2013-11-14 16:32 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-14 16:32 . 2013-11-14 16:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-14 16:32 . 2013-11-14 16:32 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 16:32 . 2013-11-14 16:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-14 16:32 . 2013-11-14 16:32 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-14 16:32 . 2013-11-14 16:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-14 16:32 . 2013-11-14 16:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-14 16:32 . 2013-11-14 16:32 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-14 16:32 . 2013-11-14 16:32 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-14 16:32 . 2013-11-14 16:32 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-14 16:32 . 2013-11-14 16:32 413696 ----a-w- c:\windows\system32\html.iec
2013-11-14 16:32 . 2013-11-14 16:32 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 16:32 . 2013-11-14 16:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-14 16:32 . 2013-11-14 16:32 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-14 16:32 . 2013-11-14 16:32 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-14 16:32 . 2013-11-14 16:32 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-14 16:32 . 2013-11-14 16:32 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-14 16:32 . 2013-11-14 16:32 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-14 16:32 . 2013-11-14 16:32 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-14 16:32 . 2013-11-14 16:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-14 16:32 . 2013-11-14 16:32 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-14 16:32 . 2013-11-14 16:32 235520 ----a-w- c:\windows\system32\url.dll
2013-11-14 16:32 . 2013-11-14 16:32 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-14 16:32 . 2013-11-14 16:32 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-14 16:32 . 2013-11-14 16:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-14 16:32 . 2013-11-14 16:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-14 16:32 . 2013-11-14 16:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-14 16:32 . 2013-11-14 16:32 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-14 16:32 . 2013-11-14 16:32 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-14 16:32 . 2013-11-14 16:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-14 16:32 . 2013-11-14 16:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-14 16:32 . 2013-11-14 16:32 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-14 16:32 . 2013-11-14 16:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-14 16:32 . 2013-11-14 16:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-14 16:32 . 2013-11-14 16:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-14 16:32 . 2013-11-14 16:32 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-14 16:32 . 2013-11-14 16:32 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-14 16:32 . 2013-11-14 16:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-14 16:32 . 2013-11-14 16:32 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-14 16:32 . 2013-11-14 16:32 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-14 16:32 . 2013-11-14 16:32 101376 ----a-w- c:\windows\system32\inseng.dll
2013-10-23 13:53 . 2013-04-02 21:59 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-23 13:53 . 2012-05-28 19:34 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-14 23:00 . 2013-11-14 16:34 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 15:08 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 15:08 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 15:08 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 15:08 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 15:08 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 15:08 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 15:08 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 15:08 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 15:08 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 15:08 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 15:08 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 15:08 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 15:08 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 15:08 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 15:08 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2013-12-26 1138536]
.
[HKEY_CLASSES_ROOT\clsid\{cc1a175a-e45b-41ed-a30c-c9b1d7a0c02f}]
[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-26 3764024]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\9246fa90-f5df-4dbf-aefe-4cfe93ef8c08.exe" [2013-11-23 180184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe;c:\program files (x86)\Polar\Daemon\polard.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2013-12-26 1372864]
.
[HKEY_CLASSES_ROOT\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}]
[HKEY_CLASSES_ROOT\TypeLib\{6B795924-95E7-4D31-8521-407360C3AA0B}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-26 21:48 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant =
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\switch.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-27 22:44:05
ComboFix-quarantined-files.txt 2013-12-28 03:44
.
Pre-Run: 407,413,399,552 bytes free
Post-Run: 407,098,146,816 bytes free
.
- - End Of File - - A962100B9CB04B3F3788F487404FA3B7
  • 0

#13
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
How is the computer doing?
  • 0

#14
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
I just started it up today so haven't really done much with it since last night after the ComboFix. The ComboFix took a long time to finish, but I don't see the Websteroids icon anymore or the slow-PC thing. I did notice in the Control Panel under Uninstall Programs there were a Yahoo toolbar and a "cwa reminder by we care.com" that were installed yesterday when I clicked on the wrong link, I think. When I click to uninstall, it gives me error messages. I am going to try and run Malwarebytes to see if it will fully run without hanging at additional items.
  • 0

#15
geric16

geric16

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 125 posts
Ran Malwarebytes; it did the same thing. It ran until about five minutes in, where it scans additional items, then just hung and counted every 37 seconds. I let it run for 45 minutes before I finally hit abort while it was hung, and it eventually closed.
  • 0
